From 9615c49dde309ebe2dea46cc256217869d86ab80 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 6 Nov 2021 10:20:31 +0500 Subject: [PATCH 01/79] Update deploy-wdac-policies-with-script.md --- .../deploy-wdac-policies-with-script.md | 44 +++++++++++-------- 1 file changed, 25 insertions(+), 19 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index 36243edbf3..817a23cb09 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -10,7 +10,7 @@ ms.reviewer: jogeurte ms.author: jogeurte ms.manager: jsuther manager: dansimp -ms.date: 04/14/2021 +ms.date: 11/06/2021 ms.technology: windows-sec ms.topic: article ms.localizationpriority: medium @@ -32,7 +32,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p > [!NOTE] > To use this procedure, download and distribute the [WDAC policy refresh tool](https://aka.ms/refreshpolicy) to all managed endpoints. Ensure your WDAC policies allow the WDAC policy refresh tool or use a managed installer to distribute the tool. -## Script-based deployment process for Windows 10 version 1903 and above +## Deploying policies for Windows 10 version 1903 and above 1. Initialize the variables to be used by the script. 
@@ -56,23 +56,7 @@ This topic describes how to deploy Windows Defender Application Control (WDAC) p & $RefreshPolicyTool ``` -### Deploying signed policies - -In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [MEM](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. - -1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt: - - ```powershell - mountvol J: /S - J: - mkdir J:\EFI\Microsoft\Boot\CiPolicies\Active - ``` - -2. Copy the signed policy binary as `{PolicyGUID}.cip` to `J:\EFI\Microsoft\Boot\CiPolicies\Active`. - -3. Reboot the system. - -## Script-based deployment process for Windows 10 versions earlier than 1903 +## Deploying policies for Windows 10 versions earlier than 1903 1. Initialize the variables to be used by the script. 
@@ -93,3 +77,25 @@ In addition to the steps outlined above, the binary policy file must also be cop ```powershell Invoke-CimMethod -Namespace root\Microsoft\Windows\CI -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update -Arguments @{FilePath = $DestinationBinary} ``` + +## Deploying signed policies + +In addition to the steps outlined above, the binary policy file must also be copied to the device's EFI partition. Deploying your policy via [MEM](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. + +1. Mount the EFI volume and make the directory, if it does not exist, in an elevated PowerShell prompt: + + ```powershell + $MountPoint = 'C:\EFI' + $EFIDestinationFolder = "$MountPoint\Microsoft\Boot\CiPolicies\Active" + $EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0] + mkdir $EFIDestinationFolder + mountvol $MountPoint $EFIPartition + ``` + +2. Copy the signed policy to the created folder: + + ```powershell + Copy-Item -Path $PolicyBinary -Destination $EFIDestinationFolder -Force + ``` + +3. Reboot the system. From f1b45c2c6a2498f3290cbcd4ce136150521db082 Mon Sep 17 00:00:00 2001 
From: Meghana Athavale Date: Mon, 8 Nov 2021 12:54:21 +0530 Subject: [PATCH 02/79] part1 5548257 changes --- .gitignore | 1 + .../wcd/wcd-accountmanagement.md | 14 +++---- windows/configuration/wcd/wcd-accounts.md | 10 ++--- .../configuration/wcd/wcd-admxingestion.md | 8 ++-- .../configuration/wcd/wcd-assignedaccess.md | 8 ++-- .../configuration/wcd/wcd-automatictime.md | 18 ++++----- windows/configuration/wcd/wcd-browser.md | 14 +++---- .../wcd/wcd-callandmessagingenhancement.md | 8 ++-- windows/configuration/wcd/wcd-calling.md | 6 +-- windows/configuration/wcd/wcd-cellcore.md | 40 +++++++++---------- windows/configuration/wcd/wcd-cellular.md | 6 +-- windows/configuration/wcd/wcd-certificates.md | 6 +-- windows/configuration/wcd/wcd-cleanpc.md | 8 ++-- windows/configuration/wcd/wcd-connections.md | 6 +-- .../wcd/wcd-connectivityprofiles.md | 16 ++++---- 15 files changed, 85 insertions(+), 84 deletions(-) diff --git a/.gitignore b/.gitignore index 9841e0daea..537edb091d 100644 --- a/.gitignore +++ b/.gitignore @@ -19,3 +19,4 @@ packages.config wdav-pm-sln.csproj wdav-pm-sln.csproj.user wdav-pm-sln.sln +windows/client-management/mdm/bitlocker-csp.md diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md index 3ac49ccd7e..62c0c24b82 100644 --- a/windows/configuration/wcd/wcd-accountmanagement.md +++ b/windows/configuration/wcd/wcd-accountmanagement.md 
@@ -19,13 +19,13 @@ Use these settings to configure the Account Manager service. ## Applies to -| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [DeletionPolicy](#deletionpolicy) | | | | X | | -| [EnableProfileManager](#enableprofilemanager) | | | | X | | -| [ProfileInactivityThreshold](#profileinactivitythreshold) | | | | X | | -| [StorageCapacityStartDeletion](#storagecapacitystartdeletion) | | | | X | | -| [StorageCapacityStopDeletion](#storagecapacitystopdeletion) | | | | X | | +| Settings | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [DeletionPolicy](#deletionpolicy) | | | X | | +| [EnableProfileManager](#enableprofilemanager) | | | X | | +| [ProfileInactivityThreshold](#profileinactivitythreshold) | | | X | | +| [StorageCapacityStartDeletion](#storagecapacitystartdeletion) | | | X | | +| [StorageCapacityStopDeletion](#storagecapacitystopdeletion) | | | X | | >[!NOTE] >Although the AccountManagement settings are available in advanced provisioning for other editions, you should only use them for HoloLens devices. diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md index 2e172a122e..892f956783 100644 --- a/windows/configuration/wcd/wcd-accounts.md +++ b/windows/configuration/wcd/wcd-accounts.md 
@@ -19,11 +19,11 @@ Use these settings to join a device to an Active Directory domain or an Azure Ac ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [Azure](#azure) | X | X | X | X | | -| [ComputerAccount](#computeraccount) | X | | X | | X | -| [Users](#users) | X | | X | X | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [Azure](#azure) | X | X | X | | +| [ComputerAccount](#computeraccount) | X | X | | X | +| [Users](#users) | X | X | X | | ## Azure diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md index 9a474ff6c8..9ed3605d2c 100644 --- a/windows/configuration/wcd/wcd-admxingestion.md +++ b/windows/configuration/wcd/wcd-admxingestion.md @@ -26,10 +26,10 @@ Starting in Windows 10, version 1703, you can import (*ingest*) select Group Pol ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) | X | | | | | -| [ConfigOperations](#configoperations) | X | | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) | X | | | | +| [ConfigOperations](#configoperations) | X | | | | ## ConfigADMXInstalledPolicy diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md index a891fbcb93..70ce50cc85 100644 --- a/windows/configuration/wcd/wcd-assignedaccess.md +++ b/windows/configuration/wcd/wcd-assignedaccess.md 
@@ -19,10 +19,10 @@ Use this setting to configure single use (kiosk) devices. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [AssignedAccessSettings](#assignedaccesssettings) | X | | | X | | -| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | X | | | X | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [AssignedAccessSettings](#assignedaccesssettings) | X | | X | | +| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | X | | X | | ## AssignedAccessSettings diff --git a/windows/configuration/wcd/wcd-automatictime.md b/windows/configuration/wcd/wcd-automatictime.md index 53200de533..b01b86ddb6 100644 --- a/windows/configuration/wcd/wcd-automatictime.md +++ b/windows/configuration/wcd/wcd-automatictime.md 
@@ -21,15 +21,15 @@ The OS includes support for Network Time Protocol (NTP), which enables devices t ## Applies to -| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [EnableAutomaticTime](#enableautomatictime) | | X | | | | -| [NetworkTimeUpdateThreshold](#networktimeupdatethreshold) | | X | | | | -| [NTPEnabled](#ntpenabled) | | X | | | | -| [NTPRegularSyncInterval](#ntpregularsyncinterval) | | X | | | | -| [NTPRetryInterval](#ntpretryinterval) | | X | | | | -| [NTPServer](#ntpserver) | | X | | | | -| [PreferredSlot](#preferredslot) | | X | | | | +| Settings | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [EnableAutomaticTime](#enableautomatictime) | | | | | +| [NetworkTimeUpdateThreshold](#networktimeupdatethreshold) | | | | | +| [NTPEnabled](#ntpenabled) | | | | | +| [NTPRegularSyncInterval](#ntpregularsyncinterval) | | | | | +| [NTPRetryInterval](#ntpretryinterval) | | | | | +| [NTPServer](#ntpserver) | | | | | +| [PreferredSlot](#preferredslot) | | | | | ## EnableAutomaticTime diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md index d7e8ff6e10..bfdf0dcfcc 100644 --- a/windows/configuration/wcd/wcd-browser.md +++ b/windows/configuration/wcd/wcd-browser.md 
@@ -19,13 +19,13 @@ Use to configure browser settings that should only be set by OEMs who are part o ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [AllowPrelaunch](#allowprelaunch) | | | X | | | -| [FavoriteBarItems](#favoritebaritems) | X | | | | | -| [Favorites](#favorites) | | X | | | | -| [PartnerSearchCode](#partnersearchcode) | X | X | X | | | -| [SearchProviders](#searchproviders) | | X | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [AllowPrelaunch](#allowprelaunch) | | X | | | +| [FavoriteBarItems](#favoritebaritems) | X | | | | +| [Favorites](#favorites) | | | | | +| [PartnerSearchCode](#partnersearchcode) | X | X | | | +| [SearchProviders](#searchproviders) | | | | | ## AllowPrelaunch diff --git a/windows/configuration/wcd/wcd-callandmessagingenhancement.md b/windows/configuration/wcd/wcd-callandmessagingenhancement.md index d841991b53..b3d1396cdc 100644 --- a/windows/configuration/wcd/wcd-callandmessagingenhancement.md +++ b/windows/configuration/wcd/wcd-callandmessagingenhancement.md @@ -22,10 +22,10 @@ Use to configure call origin and blocking apps. ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [BlockingApp](#blockingapp) | | X | | | | -| [CallOriginApp](#calloriginapp) | | X | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [BlockingApp](#blockingapp) | | | | | +| [CallOriginApp](#calloriginapp) | | | | | ## BlockingApp diff --git a/windows/configuration/wcd/wcd-calling.md b/windows/configuration/wcd/wcd-calling.md index d346a04e2c..3489892af7 100644 --- a/windows/configuration/wcd/wcd-calling.md +++ b/windows/configuration/wcd/wcd-calling.md 
@@ -22,9 +22,9 @@ Use to configure settings for Calling. ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | X | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | | | | ## Branding diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md index de0d3359b2..4273166758 100644 --- a/windows/configuration/wcd/wcd-cellcore.md +++ b/windows/configuration/wcd/wcd-cellcore.md 
@@ -24,26 +24,26 @@ Use to configure settings for cellular data. ## Applies to - Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core - --- | :---: | :---: | :---: | :---: | :---: - PerDevice: [CellConfigurations](#cellconfigurations) | | X | | | | - PerDevice: [CellData](#celldata) | X | X | X | | - PerDevice: [CellUX](#cellux) | X | X | X | | - PerDevice: [CGDual](#cgdual) | | X | | | - PerDevice: [eSim](#esim) | X | X | X | | - PerDevice: [External](#external) | | X | | | - PerDevice: [General](#general) | | X | | | - PerDevice: [RCS](#rcs) | | X | | | - PerDevice: [SMS](#sms) | X | X | X | | - PerDevice: [UIX](#uix) | | X | | | - PerDevice: [UTK](#utk) | | X | | | - PerlMSI: [CellData](#celldata2) | | X | | | - PerIMSI: [CellUX](#cellux2) | | X | | | - PerIMSI: [General](#general2) | | X | | | - PerIMSI: [RCS](#rcs2) | | X | | | - PerIMSI: [SMS](#sms2) | X | X | X | | - PerIMSI: [UTK](#utk2) | | X | | | - PerIMSI: [VoLTE](#volte) | | X | | | + Setting groups | Windows client | Surface Hub | HoloLens | IoT Core + --- | :---: | :---: | :---: | :---: + PerDevice: [CellConfigurations](#cellconfigurations) | | | | | + PerDevice: [CellData](#celldata) | X | X | | + PerDevice: [CellUX](#cellux) | X | X | | + PerDevice: [CGDual](#cgdual) | | | | + PerDevice: [eSim](#esim) | X | X | | + PerDevice: [External](#external) | | | | + PerDevice: [General](#general) | | | | + PerDevice: [RCS](#rcs) | | | | + PerDevice: [SMS](#sms) | X | X | | + PerDevice: [UIX](#uix) | | | | + PerDevice: [UTK](#utk) | | | | + PerlMSI: [CellData](#celldata2) | | | | + PerIMSI: [CellUX](#cellux2) | | | | + PerIMSI: [General](#general2) | | | | + PerIMSI: [RCS](#rcs2) | | | | + PerIMSI: [SMS](#sms2) | X | X | | + PerIMSI: [UTK](#utk2) | | | | + PerIMSI: [VoLTE](#volte) | | | | ## PerDevice diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md index 2a3982c0d3..04ac696fc5 100644 
--- a/windows/configuration/wcd/wcd-cellular.md +++ b/windows/configuration/wcd/wcd-cellular.md @@ -21,9 +21,9 @@ Use to configure settings for cellular connections. ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | X | | | | | +| Setting groups | Windows client | Mobile editions | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | X | | | | ## PerDevice diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md index 79d200e65c..4396988b08 100644 --- a/windows/configuration/wcd/wcd-certificates.md +++ b/windows/configuration/wcd/wcd-certificates.md @@ -25,9 +25,9 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All setting groups | X | X | X | X | X | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All setting groups | X | X | X | X | ## CACertificates diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md index 17750d5db9..502fd00a9a 100644 --- a/windows/configuration/wcd/wcd-cleanpc.md +++ b/windows/configuration/wcd/wcd-cleanpc.md 
@@ -19,10 +19,10 @@ Use to remove user-installed and pre-installed applications, with the option to ## Applies to -| Settings | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| CleanPCRetainingUserData | X | | | | | -| CleanPCWithoutRetainingUserData | X | | | | | +| Settings | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| CleanPCRetainingUserData | X | | | | +| CleanPCWithoutRetainingUserData | X | | | | For each setting, the options are **Enable** and **Not configured**. diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md index 807e392469..ef1498384b 100644 --- a/windows/configuration/wcd/wcd-connections.md +++ b/windows/configuration/wcd/wcd-connections.md @@ -19,9 +19,9 @@ Use to configure settings related to various types of phone connections. ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | X | X | X | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | X | X | | | For each setting group: diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md index 248a5ab250..5a0d2eb742 100644 --- a/windows/configuration/wcd/wcd-connectivityprofiles.md +++ b/windows/configuration/wcd/wcd-connectivityprofiles.md 
@@ -19,14 +19,14 @@ Use to configure profiles that a user will connect with, such as an email accoun ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [Email](#email) | X | X | X | | | -| [Exchange](#exchange) | X | X | X | | | -| [KnownAccounts](#knownaccounts) | X | X | X | | | -| [VPN](#vpn) | X | X | X | X | | -| [WiFiSense](#wifisense) | X | X | X | | | -| [WLAN](#wlan) | X | X | X | X | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [Email](#email) | X | X | | | +| [Exchange](#exchange) | X | X | | | +| [KnownAccounts](#knownaccounts) | X | X | | | +| [VPN](#vpn) | X | X | X | | +| [WiFiSense](#wifisense) | X | X | | | +| [WLAN](#wlan) | X | X | X | | ## Email From 128c1b80f8fe7b41e223895f1c2a4eeafcbf316d Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 8 Nov 2021 14:51:19 +0530 Subject: [PATCH 03/79] Updated as per tasks 5544015 --- .../auditing/advanced-security-auditing-faq.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index a3f1fdac56..291e687b2b 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml 
@@ -16,17 +16,17 @@ metadata: ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 - ms.technology: windows-sec + ms.technology: mde title: Advanced security auditing FAQ - +summary: This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) - - [What is the interaction between basic audit policy settings and advanced audit policy settings?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-) + - [What is the interasction between basic audit policy settings and advanced audit policy settings?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-) - [How are audit settings merged by Group Policy?](#how-are-audit-settings-merged-by-group-policy-) - [What is the difference between an object DACL and an object SACL?](#what-is-the-difference-between-an-object-dacl-and-an-object-sacl-) - [Why are audit policies applied on a per-computer basis rather than per user?](#why-are-audit-policies-applied-on-a-per-computer-basis-rather-than-per-user-) From 3abea34574616ce45612efc3602ea68e84561320 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 8 Nov 2021 15:08:05 +0530 Subject: [PATCH 04/79] Updated --- .../auditing/advanced-security-auditing-faq.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) 
diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 291e687b2b..bef7a3080d 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -19,10 +19,7 @@ metadata: ms.technology: mde title: Advanced security auditing FAQ -summary: - - - This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. +summary: This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) From 2aed9f45ab495cabb81088d6afa632a39fb4aa5e Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 8 Nov 2021 15:16:41 +0530 Subject: [PATCH 05/79] Update advanced-security-auditing-faq.yml --- .../auditing/advanced-security-auditing-faq.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index bef7a3080d..d00bf92f4a 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml 
@@ -23,6 +23,7 @@ summary: This topic for the IT professional lists questions and answers about un - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) + - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) - [What is the interasction between basic audit policy settings and advanced audit policy settings?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-) - [How are audit settings merged by Group Policy?](#how-are-audit-settings-merged-by-group-policy-) - [What is the difference between an object DACL and an object SACL?](#what-is-the-difference-between-an-object-dacl-and-an-object-sacl-) From be82eb108a01a018a2bdaa502fdd0cf6da99f68f Mon Sep 17 00:00:00 2001 
From: Meghana Athavale Date: Mon, 8 Nov 2021 16:02:56 +0530 Subject: [PATCH 06/79] part2-5548257 --- windows/configuration/wcd/wcd-countryandregion.md | 6 +++--- .../wcd/wcd-desktopbackgroundandcolors.md | 6 +++--- windows/configuration/wcd/wcd-developersetup.md | 8 ++++---- windows/configuration/wcd/wcd-deviceformfactor.md | 6 +++--- windows/configuration/wcd/wcd-devicemanagement.md | 12 ++++++------ windows/configuration/wcd/wcd-deviceupdatecenter.md | 6 +++--- windows/configuration/wcd/wcd-dmclient.md | 6 +++--- windows/configuration/wcd/wcd-editionupgrade.md | 10 +++++----- .../configuration/wcd/wcd-firewallconfiguration.md | 6 +++--- windows/configuration/wcd/wcd-firstexperience.md | 6 +++--- windows/configuration/wcd/wcd-folders.md | 6 +++--- 11 files changed, 39 insertions(+), 39 deletions(-) diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md index e8cf5a0b37..81597e49d4 100644 --- a/windows/configuration/wcd/wcd-countryandregion.md +++ b/windows/configuration/wcd/wcd-countryandregion.md @@ -19,8 +19,8 @@ Use to configure a setting that partners must customize to ship Windows devices ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| CountryCodeForExtendedCapabilityPrompts | ✔️ | ✔️ | ✔️ | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| CountryCodeForExtendedCapabilityPrompts | ✔️ | ✔️ | | | You can set the **CountryCodeForExtendedCapabilityPrompts** setting for **China** to enable additional capability prompts when apps use privacy-sensitive features (such as Contacts or Microphone). diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md index 464d3c8163..e18abe6ad1 100644 --- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md 
+++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md @@ -19,7 +19,7 @@ Do not use. Instead, use the [Personalization settings](wcd-personalization.md). ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md index 666109a375..54acfa4e05 100644 --- a/windows/configuration/wcd/wcd-developersetup.md +++ b/windows/configuration/wcd/wcd-developersetup.md @@ -19,10 +19,10 @@ Use to unlock developer mode on HoloLens devices and configure authentication to ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [EnableDeveloperMode](#enabledevelopermode) | | | | ✔️ | | -| [AuthenticationMode](#authenticationmode) | | | | ✔️ | | +| Setting groups | Windows client | Mobile editions | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [EnableDeveloperMode](#enabledevelopermode) | | | ✔️ | | +| [AuthenticationMode](#authenticationmode) | | | ✔️ | | diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md index fc86909bc1..b233406d79 100644 --- a/windows/configuration/wcd/wcd-deviceformfactor.md +++ b/windows/configuration/wcd/wcd-deviceformfactor.md 
@@ -19,9 +19,9 @@ Use to identify the form factor of the device. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| DeviceForm | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| DeviceForm | ✔️ | ✔️ | | | Specifies the device form factor running Windows 10. Generally, the device form is set by the original equipment manufacturer (OEM), however you might want to change the device form based on its usage in your organization. diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md index 236416cf96..bb1692d17e 100644 --- a/windows/configuration/wcd/wcd-devicemanagement.md +++ b/windows/configuration/wcd/wcd-devicemanagement.md @@ -19,12 +19,12 @@ Use to configure device management settings. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [Accounts](#accounts) | ✔️ | ✔️ | ✔️ | | | -| [PGList](#pglist) | ✔️ | ✔️ | ✔️ | | | -| [Policies](#policies) | ✔️ | ✔️ | ✔️ | | | -| [TrustedProvisioningSource](#trustedprovisioningsource) | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [Accounts](#accounts) | ✔️ | ✔️ | | | +| [PGList](#pglist) | ✔️ | ✔️ | | | +| [Policies](#policies) | ✔️ | ✔️ | | | +| [TrustedProvisioningSource](#trustedprovisioningsource) | ✔️ | ✔️ | | | ## Accounts diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md index 3dfa2d7fe2..e72df83e2d 100644 --- a/windows/configuration/wcd/wcd-deviceupdatecenter.md +++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md 
@@ -17,7 +17,7 @@ Do not use **DeviceUpdateCenter** settings at this time. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md index 39949ed4c4..31d0ed7b8c 100644 --- a/windows/configuration/wcd/wcd-dmclient.md +++ b/windows/configuration/wcd/wcd-dmclient.md @@ -19,9 +19,9 @@ Use to specify enterprise-specific mobile device management configuration settin ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| UpdateManagementServiceAddress | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| UpdateManagementServiceAddress | ✔️ | ✔️ | | ✔️ | For the **UpdateManagementServiceAddress** setting, enter a list of servers. The first server in the semi-colon delimited list is the server that will be used to instantiate MDM sessions. diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md index 79e2667cb2..aaa3c9a10e 100644 --- a/windows/configuration/wcd/wcd-editionupgrade.md +++ b/windows/configuration/wcd/wcd-editionupgrade.md 
@@ -19,11 +19,11 @@ Use to upgrade the edition of Windows 10 on the device. [Learn about Windows 10 ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [ChangeProductKey](#changeproductkey) | ✔️ | ✔️ | | | | -| [UpgradeEditionWithLicense](#upgradeeditionwithlicense) | ✔️ | ✔️ | | ✔️ | | -| [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey) | ✔️ | ✔️ | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [ChangeProductKey](#changeproductkey) | ✔️ | | | | +| [UpgradeEditionWithLicense](#upgradeeditionwithlicense) | ✔️ | | ✔️ | | +| [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey) | ✔️ | | | | ## ChangeProductKey diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md index 4bc834f3ac..cd505cda87 100644 --- a/windows/configuration/wcd/wcd-firewallconfiguration.md +++ b/windows/configuration/wcd/wcd-firewallconfiguration.md @@ -19,9 +19,9 @@ Use to enable AllJoyn router to work on public networks. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| EnableAllJoynOnPublicNetwork | | | | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| EnableAllJoynOnPublicNetwork | | | | ✔️ | Set to **True** or **False**. diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md index 0561b8d3f4..a854a53a49 100644 --- a/windows/configuration/wcd/wcd-firstexperience.md +++ b/windows/configuration/wcd/wcd-firstexperience.md 
@@ -19,9 +19,9 @@ Use these settings to configure the out-of-box experience (OOBE) to set up HoloL ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | | ✔️ | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | | ✔️ | | Setting | Description --- | --- diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md index cc594611bc..1eab5f086b 100644 --- a/windows/configuration/wcd/wcd-folders.md +++ b/windows/configuration/wcd/wcd-folders.md @@ -19,8 +19,8 @@ Use to add files to the device. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| PublicDocuments | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| PublicDocuments | ✔️ | ✔️ | | | Browse to and select a file or files that will be included in the provisioning package and added to the public profile documents folder on the target device. You can use the **Relative path to directory on target device** field to create a new folder within the public profile documents folder. From 61348a9a82fc1d520ad05600cb5f62603c3bbed2 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 8 Nov 2021 16:37:10 +0530 Subject: [PATCH 07/79] Update advanced-security-auditing-faq.yml --- .../auditing/advanced-security-auditing-faq.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index d00bf92f4a..bef7a3080d 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml 
+++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -23,7 +23,6 @@ summary: This topic for the IT professional lists questions and answers about un - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) - - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) - [What is the interasction between basic audit policy settings and advanced audit policy settings?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-) - [How are audit settings merged by Group Policy?](#how-are-audit-settings-merged-by-group-policy-) - [What is the difference between an object DACL and an object SACL?](#what-is-the-difference-between-an-object-dacl-and-an-object-sacl-) From 3c65bb7ded60c2c9dd202b463d96fe30e671d9e3 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 8 Nov 2021 16:48:04 +0530 Subject: [PATCH 08/79] Update advanced-security-auditing-faq.yml --- .../auditing/advanced-security-auditing-faq.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index bef7a3080d..0a5f4d7f2a 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml 
+++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -22,6 +22,7 @@ title: Advanced security auditing FAQ summary: This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) + - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) - [What is the interasction between basic audit policy settings and advanced audit policy settings?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-) - [How are audit settings merged by Group Policy?](#how-are-audit-settings-merged-by-group-policy-) From b82478420660db3a9139d2134068299a23489e1d Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 8 Nov 2021 16:55:08 +0530 Subject: [PATCH 09/79] Update advanced-security-auditing-faq.yml --- .../advanced-security-auditing-faq.yml | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 0a5f4d7f2a..a8750ae539 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml 
@@ -22,23 +22,39 @@ title: Advanced security auditing FAQ summary: This topic for the IT professional lists questions and answers about understanding, deploying, and managing security audit policies. - [What is Windows security auditing and why might I want to use it?](#what-is-windows-security-auditing-and-why-might-i-want-to-use-it-) - + - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) + - [What is the interasction between basic audit policy settings and advanced audit policy settings?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-) + - [How are audit settings merged by Group Policy?](#how-are-audit-settings-merged-by-group-policy-) + - [What is the difference between an object DACL and an object SACL?](#what-is-the-difference-between-an-object-dacl-and-an-object-sacl-) + - [Why are audit policies applied on a per-computer basis rather than per user?](#why-are-audit-policies-applied-on-a-per-computer-basis-rather-than-per-user-) + - [What are the differences in auditing functionality between versions of Windows?](#what-are-the-differences-in-auditing-functionality-between-versions-of-windows-) + - [Can I use advanced audit policy from a domain controller running Windows Server 2003 or Windows 2000 Server?](#can-i-use-advanced-audit-policies-from-a-domain-controller-running-windows-server-2003-or-windows-2000-server-) + - [What is the difference between success and failure events? 
Is something wrong if I get a failure audit?](#what-is-the-difference-between-success-and-failure-events--is-something-wrong-if-i-get-a-failure-audit-) + - [How can I set an audit policy that affects all objects on a computer?](#how-can-i-set-an-audit-policy-that-affects-all-objects-on-a-computer-) + - [How do I figure out why someone was able to access a resource?](#how-do-i-figure-out-why-someone-was-able-to-access-a-resource-) + - [How do I know when changes are made to access control settings, by whom, and what the changes were?](#how-do-i-know-when-changes-are-made-to-access-control-settings--by-whom--and-what-the-changes-were-) + - [How can I roll back security audit policies from the advanced audit policy to the basic audit policy?](#how-can-i-roll-back-security-audit-policies-from-the-advanced-audit-policy-to-the-basic-audit-policy-) + - [How can I monitor if changes are made to audit policy settings?](#how-can-i-monitor-if-changes-are-made-to-audit-policy-settings-) + - [How can I minimize the number of events that are generated?](#how-can-i-minimize-the-number-of-events-that-are-generated-) + - [What are the best tools to model and manage audit policy?](#what-are-the-best-tools-to-model-and-manage-audit-policies-) + - [Where can I find information about all the possible events that I might receive?](#where-can-i-find-information-about-all-the-possible-events-that-i-might-receive-) + - [Where can I find more detailed information?](#where-can-i-find-more-detailed-information-) From 1d305857ced1ddef6b03bc717abccabd9dacfcb4 Mon Sep 17 00:00:00 2001 From: Ashok Lobo Date: Mon, 8 Nov 2021 17:08:28 +0530 Subject: [PATCH 10/79] Update advanced-security-auditing-faq.yml --- .../auditing/advanced-security-auditing-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
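Review bot: In the PATCH 09/79 hunk for advanced-security-auditing-faq.yml (`@@ -22,23 +22,39 @@`), the unchanged entry "What is the interasction between basic audit policy settings and advanced audit policy settings?" still has the typo "interasction" in its link text, while its anchor spells "interaction". Since this hunk touches every gap in the list, fix the link text in the same change. The hunk otherwise only inserts blank lines between the entries, and the commit message does not say why they are needed. State the reason, and consider folding this change together with the blank-line edits in 08/79 and 10/79 so the series shows one intentional formatting change.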
diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index a8750ae539..73605a664a 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -54,7 +54,7 @@ summary: This topic for the IT professional lists questions and answers about un - [What are the best tools to model and manage audit policy?](#what-are-the-best-tools-to-model-and-manage-audit-policies-) - [Where can I find information about all the possible events that I might receive?](#where-can-i-find-information-about-all-the-possible-events-that-i-might-receive-) - + - [Where can I find more detailed information?](#where-can-i-find-more-detailed-information-) From 227c55a187702a5210b6da0f4fdccb34b9306264 Mon Sep 17 00:00:00 2001 From: Thomas Raya Date: Mon, 8 Nov 2021 08:51:00 -0800 Subject: [PATCH 11/79] Update .gitignore --- .gitignore | 1 - 1 file changed, 1 deletion(-) diff --git a/.gitignore b/.gitignore index 1bc5b9c3de..8195f14f24 100644 --- a/.gitignore +++ b/.gitignore @@ -20,4 +20,3 @@ packages.config wdav-pm-sln.csproj wdav-pm-sln.csproj.user wdav-pm-sln.sln -windows/client-management/mdm/bitlocker-csp.md From 8d9948004d3eb3be0ae7e5609939c8a0e805f2a7 Mon Sep 17 00:00:00 2001 
From: Meghana Athavale Date: Tue, 9 Nov 2021 09:55:04 +0530 Subject: [PATCH 12/79] part3 5548257 changes --- windows/configuration/wcd/wcd-kioskbrowser.md | 6 +- windows/configuration/wcd/wcd-licensing.md | 8 +- windows/configuration/wcd/wcd-location.md | 6 +- windows/configuration/wcd/wcd-maps.md | 10 +- windows/configuration/wcd/wcd-networkproxy.md | 6 +- .../configuration/wcd/wcd-networkqospolicy.md | 6 +- windows/configuration/wcd/wcd-oobe.md | 10 +- .../configuration/wcd/wcd-personalization.md | 12 +- windows/configuration/wcd/wcd-policies.md | 787 +++++++++--------- windows/configuration/wcd/wcd-privacy.md | 6 +- 10 files changed, 447 insertions(+), 410 deletions(-) diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md index 0db1c60a59..cbb31ac787 100644 --- a/windows/configuration/wcd/wcd-kioskbrowser.md +++ b/windows/configuration/wcd/wcd-kioskbrowser.md @@ -19,9 +19,9 @@ Use KioskBrowser settings to configure Internet sharing. ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | | | ✔️ | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | | | ✔️ | >[!NOTE] >To configure Kiosk Browser settings for desktop editions, go to [Policies > KioskBrowser](wcd-policies.md#kioskbrowser). diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md index 98ebd963b2..82adee0181 100644 --- a/windows/configuration/wcd/wcd-licensing.md +++ b/windows/configuration/wcd/wcd-licensing.md 
@@ -19,10 +19,10 @@ Use for settings related to Microsoft licensing programs. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✔️ | | | | | -| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✔️ | | | | +| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✔️ | | | | ## AllowWindowsEntitlementReactivation diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md index c0617f9b4a..a2989cead5 100644 --- a/windows/configuration/wcd/wcd-location.md +++ b/windows/configuration/wcd/wcd-location.md @@ -18,9 +18,9 @@ Use Location settings to configure location services. ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [EnableLocation](#enablelocation) | | | | | ✔️ | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [EnableLocation](#enablelocation) | | | | ✔️ | ## EnableLocation diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md index b92e27c14e..51aacf0da3 100644 --- a/windows/configuration/wcd/wcd-maps.md +++ b/windows/configuration/wcd/wcd-maps.md 
@@ -18,11 +18,11 @@ Use for settings related to Maps. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [ChinaVariantWin10](#chinavariantwin10) | ✔️ | ✔️ | ✔️ | | | -| [UseExternalStorage](#useexternalstorage) | ✔️ | ✔️ | ✔️ | | | -| [UseSmallerCache](#usesmallercache) | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [ChinaVariantWin10](#chinavariantwin10) | ✔️ | ✔️ | | | +| [UseExternalStorage](#useexternalstorage) | ✔️ | ✔️ | | | +| [UseSmallerCache](#usesmallercache) | ✔️ | ✔️ | | | ## ChinaVariantWin10 diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md index e19c13f19c..1208a335d7 100644 --- a/windows/configuration/wcd/wcd-networkproxy.md +++ b/windows/configuration/wcd/wcd-networkproxy.md @@ -18,9 +18,9 @@ Use for settings related to NetworkProxy. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | ✔️ | | | +| Setting | Windows client | Mobile editions | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | ✔️ | | | ## AutoDetect diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index 80e515c380..177a49d274 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md 
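Review bot: In the wcd-networkproxy.md hunk, the new header row still contains the `Mobile editions` column (`| Setting | Windows client | Mobile editions | Surface Hub | HoloLens | IoT Core |`), so the header has six cells while the new delimiter row and the `All settings` row have five. As written, the checkmark that sat under Surface Hub in the removed row now lines up under `Mobile editions`. Drop `Mobile editions` from the header so it matches the other files in this patch.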
@@ -18,9 +18,9 @@ Use to create network Quality of Service (QoS) policies. A QoS policy performs a ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | ✔️ | | | 1. In **Available customizations**, select **NetworkQ0SPolicy**, enter a friendly name for the account, and then click **Add**. 2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md index 4245590994..e7f5dac2de 100644 --- a/windows/configuration/wcd/wcd-oobe.md +++ b/windows/configuration/wcd/wcd-oobe.md @@ -18,12 +18,12 @@ Use to configure settings for the [Out Of Box Experience (OOBE)](/windows-hardwa ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | :---: | -| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✔️ | | | | | -| [Desktop > HideOobe](#hided) | ✔️ | | | | | -| [Mobile > EnforceEnterpriseProvisioning](#nforce) | | ✔️ | | | | -| [Mobile > HideOobe](#hidem) | | ✔️ | | | | +| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✔️ | | | | +| [Desktop > HideOobe](#hided) | ✔️ | | | | +| [Mobile > EnforceEnterpriseProvisioning](#nforce) | | | | | +| [Mobile > HideOobe](#hidem) | | | | | diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md index 08af869bd0..18b6259bdc 100644 --- a/windows/configuration/wcd/wcd-personalization.md +++ b/windows/configuration/wcd/wcd-personalization.md 
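Review bot: In the wcd-oobe.md hunk, the delimiter row is left as unchanged context with six cells (`| --- | :---: | :---: | :---: | :---: | :---: |`) while the new header and all four data rows have five, so the table no longer has a consistent column count. Remove one `:---:` cell from the delimiter row. The two `Mobile >` rows (`EnforceEnterpriseProvisioning`, `HideOobe`) are also kept with no checkmark in any remaining column. Either remove those rows along with the Mobile column or say why settings that apply to no listed platform stay in the table.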
@@ -18,12 +18,12 @@ Use to configure settings to personalize a PC. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [DeployDesktopImage](#deploydesktopimage) | ✔️ | | | | | -| [DeployLockScreenImage](#deploylockscreenimage) | ✔️ | | | | | -| [DesktopImageUrl](#desktopimageurl) | ✔️ | | | | | -| [LockScreenImageUrl](#lockscreenimageurl) | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [DeployDesktopImage](#deploydesktopimage) | ✔️ | | | | +| [DeployLockScreenImage](#deploylockscreenimage) | ✔️ | | | | +| [DesktopImageUrl](#desktopimageurl) | ✔️ | | | | +| [LockScreenImageUrl](#lockscreenimageurl) | ✔️ | | | | ## DeployDesktopImage diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index 1d9c4d1eee..ec5c1d2844 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md 
@@ -18,176 +18,177 @@ This section describes the **Policies** settings that you can configure in [prov ## AboveLock -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | ✔️ | | | | -| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | | | | +| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. 
| ✔️ | | | | ## Accounts -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | ✔️ | ✔️ | | | | -| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | ✔️ | ✔️ | | ✔️ | | -| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✔️ | ✔️ | | | | -| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | ✔️ | | | | +| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | ✔️ | | ✔️ | | +| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) 
NT service | ✔️ | | | | +| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✔️ | | | | ## ApplicationDefaults -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✔️ | | | | | +| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✔️ | | | ## ApplicationManagement -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Mobile editions | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | ✔️ | | | ✔️ | -| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✔️ | ✔️ | | | ✔️ | -| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | +| 
[AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | | | ✔️ | +| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✔️ | | | ✔️ | +| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✔️ | ✔️ | ✔️ | ✔️ | | [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | ✔️ | | | | | -| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✔️ | ✔️ | | | | -| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | ✔️ | | | | -| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc. | | ✔️ | | | | -| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) |Whether to launch an app or apps when the user signs in. 
| ✔️ | | | | | -| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✔️ | ✔️ | | | ✔️ | -| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✔️ | ✔️ | | | ✔️ | +| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✔️ | | | | +| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | | +| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc. | | | | | +| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) |Whether to launch an app or apps when the user signs in. 
| ✔️ | | | | +| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✔️ | | | ✔️ | +| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✔️ | | | ✔️ | ## Authentication -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows logon support for non-ADFS federated providers (e.g. SAML). | ✔️ | ✔️ | ✔️ | | ✔️ | -| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. 
| ✔️ | ✔️ | ✔️ | ✔️ | +| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ | | ✔️ | +| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows logon support for non-ADFS federated providers (e.g. SAML). | ✔️ | ✔️ | | ✔️ | +| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✔️ | ✔️ | | ✔️ | ## BitLocker -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✔️ | ✔️ | | | | +| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✔️ | | | | ## Bluetooth -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | ✔️ | ✔️ | ✔️ | ✔️ 
| ✔️ | -| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | ✔️ | ✔️ | ✔️ | ✔️ | +| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | ✔️ | ✔️ | ✔️ | ✔️ | +| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | ✔️ | ✔️ | ✔️ | ✔️ | +| 
[ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | ✔️ | ✔️ | ✔️ | ✔️ | ## Browser -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✔️ | | | | | -| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✔️ | ✔️ | | | | -[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ | ✔️ | | | | -| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. 
| ✔️ | | | | | -| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do Not Track headers are allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ | | | | | -| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✔️ | | | | | -| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ | | | | | -| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. 
| ✔️ | | | ✔️ | | -| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user. | ✔️ | | | | | -| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | ✔️ | | | | | -| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | ✔️ | | | | | -| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | ✔️ | | | | | -| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. 
| ✔️ | ✔️ | ✔️ | | ✔️ | -[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ | ✔️ | | | | -| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ | | | | | -| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 additional search engines for MDM-enrolled devices. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✔️ | | | | | -| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it is selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | | | -| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✔️ | | | | | -| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. 
| ✔️ | | | | | -| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✔️ | | | | | -| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✔️ | | | | | -| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✔️ | | | | | -[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | | | -| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✔️ | | | | | -| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). 
| ✔️ | | | | | -| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it is opened for the first time. | ✔️ | ✔️ | | | | -| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ | | | | | -[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✔️ | ✔️ | | | | -| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✔️ | | | | | -| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. 
| ✔️ | ✔️ | ✔️ | | ✔️ | -| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ | ✔️ | ✔️ | | ✔️ | -PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ | | | | | -| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | | | -| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | ✔️ | ✔️ | ✔️ | | ✔️ | -[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | ✔️ | ✔️ | | | | -| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ | | | | | -| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. 
You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✔️ | | | | | -| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page. | ✔️ | | | | | -| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✔️ | | | | | -| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | ✔️ | | | | | -| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button. | ✔️ | | | | | -[UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✔️ | ✔️ | | | | +| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✔️ | | | | +| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. 
| ✔️ | ✔️ | | ✔️ | +| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✔️ | | | | +[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ | | | | +| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✔️ | | | | +| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do Not Track headers are allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ | | | | +| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✔️ | | | | +| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ | | | | +| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. 
| ✔️ | ✔️ | | ✔️ | +| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | ✔️ | ✔️ | | ✔️ | +| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✔️ | ✔️ | | ✔️ | +| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✔️ | | ✔️ | | +| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user. | ✔️ | | | | +| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | ✔️ | ✔️ | | ✔️ | +| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | ✔️ | | | | +| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ | +| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. 
| ✔️ | ✔️ | | ✔️ | +| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | ✔️ | | | | +| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | ✔️ | | | | +| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✔️ | ✔️ | | ✔️ | +[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ | | | | +| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ | | | | +| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 additional search engines for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ | +| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✔️ | | | | +| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it is selected. 
You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | | +| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✔️ | | | | +| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✔️ | | | | +| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✔️ | | | | +| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✔️ | | | | +| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. 
| ✔️ | | | | +[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | | +| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✔️ | | | | +| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✔️ | | | | +| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it is opened for the first time. | ✔️ | | | | +| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ | | | | +[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✔️ | | | | +| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✔️ | ✔️ | | ✔️ | +| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. 
| ✔️ | ✔️ | | ✔️ | +| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✔️ | | | | +| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | ✔️ | ✔️ | | ✔️ | +| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✔️ | ✔️ | | ✔️ | +| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ | ✔️ | | ✔️ | +PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ | | | | +| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | | +| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. 
| ✔️ | ✔️ | | ✔️ | +[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | ✔️ | | | | +| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ | | | | +| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✔️ | ✔️ | | ✔️ | +| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✔️ | | | | +| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page. | ✔️ | | | | +| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✔️ | | | | +| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | ✔️ | | | | +| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button. 
| ✔️ | | | | +[UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✔️ | | | | ## Camera -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✔️ | ✔️ | ✔️ | | | +| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✔️ | ✔️ | | | ## Connectivity -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. 
| ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | ✔️ | | | ✔️ | -| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | ✔️ | | | ✔️ | -| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlyinng connections VPN is allowed to use. |✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✔️ | ✔️ | ✔️ | | ✔️ | -| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✔️ | ✔️ | ✔️ | | ✔️ | -| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | ✔️ | ✔️ | ✔️ | | ✔️ | +| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✔️ | ✔️ | | ✔️ | +| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. 
| ✔️ | ✔️ | | ✔️ | +| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✔️ | ✔️ | | ✔️ | +| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | | | ✔️ | +| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | | | ✔️ | +| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlyinng connections VPN is allowed to use. |✔️ | ✔️ | | ✔️ | +| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✔️ | ✔️ | | ✔️ | +| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✔️ | ✔️ | | ✔️ | +| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | ✔️ | ✔️ | | ✔️ | ## CredentialProviders -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. 
The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. | ✔️ | | | | ## Cryptography -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✔️ | ✔️ | | | | -| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✔️ | ✔️ | | | | +| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. 
| ✔️ | | | | +| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✔️ | | | | ## Defender +<<<<<<< Updated upstream | Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | | [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ | | | | | 
@@ -215,118 +216,148 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star | [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ | | | | | | [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ | | | | | | [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✔️ | | | | | +======= +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | :---: | +| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ | | | | +| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✔️ | | | | +| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✔️ | | | | +| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. 
| ✔️ | | | | +| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✔️ | | | | +| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | ✔️ | | | | +| [AllowIntrusionPreventionSystem](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | ✔️ | | | | +| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | ✔️ | | | | +| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✔️ | | | | +| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | ✔️ | | | | +| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | ✔️ | | | | +| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✔️ | | | | +| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. 
| ✔️ | | | | +| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defeder scan (in percent). | ✔️ | | | | +| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✔️ | | | | +| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore durinng a scan. Separate each file type in the list by using \|. | ✔️ | | | | +| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✔️ | | | | +| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore durinng a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | | +| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✔️ | | | | +| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ | | | | +| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. 
| ✔️ | | | | +| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✔️ | | | | +| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | ✔️ | | | | +| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ | | | | +| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ | | | | +| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✔️ | | | | +>>>>>>> Stashed changes ## DeliveryOptimization -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✔️ | | | | | -| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. 
| ✔️ | | | | | -| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✔️ | | | | | -| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✔️ | | | | | -| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✔️ | | | | | -| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✔️ | | | | | -| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✔️ | | | | | -| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✔️ | | | | | -| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). 
| ✔️ | | | | | -| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✔️ | | | | | -| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity usinng Delivery Optimization. | ✔️ | | | | | -| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✔️ | | | | | -| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✔️ | | | | | -| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capabity in GB) for the device to use Peer Caching. | ✔️ | | | | | -| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✔️ | | | | | -| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB requried to use Peer Caching. 
| ✔️ | | | | | -| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✔️ | | | | | -| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✔️ | | | | | -| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | | -| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | | -| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | | -| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. 
| ✔️ | | | | | -| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | | -| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✔️ | | | | +| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✔️ | | | | +| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. 
| ✔️ | | | | +| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✔️ | | | | +| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✔️ | | | | +| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✔️ | | | | +| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✔️ | | | | +| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✔️ | | | | +| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✔️ | | | | +| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. 
| ✔️ | | | | +| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity usinng Delivery Optimization. | ✔️ | | | | +| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✔️ | | | | +| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✔️ | | | | +| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capabity in GB) for the device to use Peer Caching. | ✔️ | | | | +| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✔️ | | | | +| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB requried to use Peer Caching. | ✔️ | | | | +| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. 
| ✔️ | | | | +| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✔️ | | | | +| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | +| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | +| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | +| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | ✔️ | | | | +| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. 
| ✔️ | | | | +| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | ## DeviceGuard -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | ✔️ | | | | ## DeviceLock -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowIdleReturnWithoutPassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. 
| | ✔️ | | | | -| [AllowScreenTimeoutWhileLockedUserConfig](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | ✔️ | | | | -| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✔️ | ✔️ | | ✔️ | | -|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | ✔️ | ✔️ | | ✔️ | | -| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✔️ | ✔️ | | ✔️ | | -| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✔️ | ✔️ | | ✔️ | | -| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✔️ | ✔️ | | ✔️ | | -| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. 
| ✔️ | ✔️ | | ✔️ | | -| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | ✔️ | ✔️ | | ✔️ | | -| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✔️ | ✔️ | | ✔️ | | -| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✔️ | ✔️ | | ✔️ | | -| [ScreenTimeoutWhileLocked](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. | | ✔️ | | | | +| [AllowIdleReturnWithoutPassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. | | | | | +| [AllowScreenTimeoutWhileLockedUserConfig](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | | | | +| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. 
| ✔️ | | ✔️ | | +|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | ✔️ | | ✔️ | | +| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✔️ | | ✔️ | | +| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✔️ | | ✔️ | | +| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✔️ | | ✔️ | | +| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | ✔️ | | ✔️ | | +| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | ✔️ | | ✔️ | | +| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✔️ | | ✔️ | | +| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. 
| ✔️ | | ✔️ | | +| [ScreenTimeoutWhileLocked](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. | | | | | ## DeviceManagement -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✔️ | | | | ## Experience -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. | | ✔️ | | | | -| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ | ✔️ | | ✔️ | | -| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✔️ | ✔️ | | | | -| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✔️ | ✔️ | | | | -| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. 
| ✔️ | ✔️ | | ✔️ | | -| [AllowScreenCapture](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | ✔️ | | | | -| [AllowSIMErrorDialogPromptWhenNoSIM](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | ✔️ | | | | -| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✔️ | ✔️ | | | | -| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✔️ | | | | | -| [AllowTaskSwitcher](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | ✔️ | | | | -| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✔️ | | | | | -| [AllowVoiceRecording](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. | | ✔️ | | | | -| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggetions, membership notifications, post-OOBE app install, and redirect tiles. 
| ✔️ | | | | | -| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | ✔️ | | | | | -| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✔️ | | | | | -| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✔️ | | | | | -| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✔️ | | | | | -| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✔️ | | | | | +| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. | | | | | +| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ | | ✔️ | | +| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✔️ | | | | +| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. 
| ✔️ | | | | +| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | ✔️ | | ✔️ | | +| [AllowScreenCapture](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | | | | +| [AllowSIMErrorDialogPromptWhenNoSIM](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | | | | +| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✔️ | | | | +| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✔️ | | | | +| [AllowTaskSwitcher](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | | | | +| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✔️ | | | | +| [AllowVoiceRecording](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. 
| | | | | +| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggetions, membership notifications, post-OOBE app install, and redirect tiles. | ✔️ | | | | +| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | ✔️ | | | | +| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✔️ | | | | +| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✔️ | | | | +| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✔️ | | | | +| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✔️ | | | | ## ExploitGuard -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. 
In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✔️ | ✔️ | | | | +| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✔️ | | | | ## Games -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✔️ | | | | ## KioskBrowser These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](../guidelines-for-assigned-access-app.md#guidelines-for-web-browsers). -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. 
| ✔️ | | | | | +[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | | [BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | ✔️ | | | | | -[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | | | -[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✔️ | | | | | -[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | | | -[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | | | -[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | ✔️ | | | | | +[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. 
| ✔️ | | | | +[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✔️ | | | | +[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | | +[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | | +[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | ✔️ | | | | To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer: 
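Review bot: The Experience, ExploitGuard and KioskBrowser tables get a six-cell header row (`Windows client | Surface Hub | HoloLens | IoT Core`) but keep the unchanged seven-cell delimiter row `| --- | --- | :---: | :---: | :---: | :---: | :---: |`, so header and delimiter no longer agree and the tables may not render as tables. Drop one `:---:` from each, as this hunk already does for DeviceManagement and Games. The untouched `BlockedUrls` row in KioskBrowser also still ends with the old five trailing cells (`| ✔️ | | | | |`) while its neighbours were trimmed to four, so it needs the same change. Separately, rows that were previously checked only under Mobile editions (for example AllowIdleReturnWithoutPassword, AllowCopyPaste, AllowScreenCapture, AllowTaskSwitcher, AllowVoiceRecording) now show no supported edition at all. Either remove them or say in the description that they no longer apply, so a reader does not assume a lock-screen or data-handling control is enforceable on Windows client.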
@@ -339,252 +370,258 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in ## LocalPoliciesSecurityOptions -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✔️ | | | | | -| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✔️ | | | | | -| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✔️ | | | | | +| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✔️ | | | | +| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. 
| ✔️ | | | | +| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✔️ | | | | ## Location -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [EnableLocation](/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. | | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [EnableLocation](/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. | | | | | ## Power -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✔️ | | | | | -| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✔️ | | | | | -| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. 
| ✔️ | | | | | -| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✔️ | | | | | -| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | ✔️ | | | | | -| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✔️ | | | | | -| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✔️ | | | | | -| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | ✔️ | | | | | -| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✔️ | | | | | -| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✔️ | | | | | -| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. 
| ✔️ | | | | | -| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✔️ | | | | | -| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | ✔️ | | | | | -| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✔️ | | | | | -| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✔️ | | | | | -| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✔️ | | | | | -| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✔️ | | | | | -| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ | | | | | -| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ | | | | | -| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. 
| ✔️ | | | | | -| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while on battery. | ✔️ | | | | | -| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while plugged in. | ✔️ | | | | | +| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✔️ | | | | +| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✔️ | | | | +| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✔️ | | | | +| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✔️ | | | | +| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | ✔️ | | | | +| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. 
| ✔️ | | | | +| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✔️ | | | | +| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | ✔️ | | | | +| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✔️ | | | | +| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✔️ | | | | +| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✔️ | | | | +| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✔️ | | | | +| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | ✔️ | | | | +| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. 
| ✔️ | | | | +| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✔️ | | | | +| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✔️ | | | | +| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✔️ | | | | +| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ | | | | +| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ | | | | +| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✔️ | | | | +| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while on battery. | ✔️ | | | | +| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while plugged in. 
| ✔️ | | | | ## Privacy -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | ✔️ | | | | -| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✔️ | ✔️ | | ✔️ | | +| [AllowAutoAcceptPairingAndPrivacyConsentPrompts](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | | | | +| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✔️ | | ✔️ | | ## Search -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. 
T | ✔️ | ✔️ | | | | -[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | | | -| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | ✔️ | | | | -| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | ✔️ | | ✔️ | | -| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | ✔️ | | | | -| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.

- **Off** setting disables Windows indexer
- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)
- **Enterprise** setting reduces potential network loads for enterprises
- **Standard** setting is appropriate for consuemrs | ✔️ | ✔️ | | | | -| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | ✔️ | | | | -| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | ✔️ | | | | -| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | ✔️ | | | | -| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✔️ | ✔️ | | | | -| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✔️ | ✔️ | | | | -| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✔️ | ✔️ | | | | -| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | ✔️ | | | | +[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. 
T | ✔️ | | | | +[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | | +| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | | | | +| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | | ✔️ | | +| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | | | | +| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.

- **Off** setting disables Windows indexer
- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)
- **Enterprise** setting reduces potential network loads for enterprises
- **Standard** setting is appropriate for consuemrs | ✔️ | | | | +| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | | | | +| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | | | | +| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | | | | +| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✔️ | | | | +| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✔️ | | | | +| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✔️ | | | | +| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. 
| | | | | ## Security -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowManualRootCertificateInstallation](/windows/client-management/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. | | ✔️ | | | | -| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AntiTheftMode](/windows/client-management/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. | | ✔️ | | | | -| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. 
| ✔️ | ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✔️ | ✔️ | | ✔️ | +| [AllowManualRootCertificateInstallation](/windows/client-management/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. | | | | | +| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✔️ | ✔️ | | ✔️ | +| [AntiTheftMode](/windows/client-management/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. | | | | | +| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✔️ | ✔️ | ✔️ | ✔️ | +| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✔️ | ✔️ | | ✔️ | +| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. 
| ✔️ | | | | ## Settings -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | ✔️ | | | | -| [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | ✔️ | | | | -| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | ✔️ | | ✔️ | | -| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | | | -[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. 
| | | | | +| [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | | | | +| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | | ✔️ | | +| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | | +[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✔️ | | | | ## Start -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloadds shortcut on the Start menu. 
| ✔️ | | | | | -| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloadds shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. 
| ✔️ | | | | +| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. | ✔️ | | | | | [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✔️ | | | | | +| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✔️ | | | | | [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✔️ | | | | | -| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✔️ | | | | | -DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✔️ | | | | | -| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✔️ | | | | | -| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✔️ | | | | | -| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✔️ | | | | | -| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. 
| ✔️ | | | | | -| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ | | | | | -| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✔️ | | | | | -| HidePeopleBar | Remove the people icon from the taskbar, as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | | | -| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ | | | | | -| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ | | | | | -| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ | | | | | -| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✔️ | | | | | -| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | ✔️ | | | | | -| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✔️ | | | | | -| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. 
| ✔️ | | | | | -| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✔️ | | | | | -| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | ✔️ | | | | | -| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md). | ✔️ | | | | | -| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✔️ | | | | | -| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✔️ | | | | | +| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✔️ | | | | +DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✔️ | | | | +| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✔️ | | | | +| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✔️ | | | | +| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. 
| ✔️ | | | | +| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✔️ | | | | +| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ | | | | +| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✔️ | | | | +| HidePeopleBar | Remove the people icon from the taskbar, as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | | +| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ | | | | +| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ | | | | +| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ | | | | +| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✔️ | | | | +| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | ✔️ | | | | +| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✔️ | | | | +| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. 
| ✔️ | | | | +| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✔️ | | | | +| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | ✔️ | | | | +| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md). | ✔️ | | | | +| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✔️ | | | | +| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✔️ | | | | ## System -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✔️ | ✔️ | | | | -| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. 
| ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✔️ | ✔️ | | | | -| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✔️ | ✔️ | | ✔️ | | -| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✔️ | ✔️ | | | | -ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | ✔️ | ✔️ | | | | -ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | ✔️ | ✔️ | | | | -| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ | ✔️ | | | | -| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ | ✔️ | | | | -| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. 
| ✔️ | | | | | -| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | ✔️ | | | | +| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✔️ | | | | +| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. 
| ✔️ | ✔️ | | ✔️ | +| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✔️ | | | | +| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. | ✔️ | ✔️ | | ✔️ | +| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✔️ | | ✔️ | | +| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✔️ | | | | +ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | ✔️ | | | | +ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | ✔️ | | | | +| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ | | | | +| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ | | | | +| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. 
| ✔️ | | | | +| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | | | | ## TextInput -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. 
| ✔️ | | | | | -| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. | ✔️ | | | | | -| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ | | | | | -| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✔️ | | | | | -| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ | | | | | -| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✔️ | | | | | -| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ | | | | | -| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ | | | | | -| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. 
| ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✔️ | | | | +| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. | ✔️ | | | | +| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ | | | | +| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✔️ | | | | +| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ | | | | +| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✔️ | | | | +| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. 
| ✔️ | | | | +| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ | | | | +| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ | | | | | AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | | | -| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | | -| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | | -| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | | +| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. 
| ✔️ | | | | +| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | +| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | ## TimeLanguageSettings -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowSet24HourClock](/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. | | ✔️ | | | | +| [AllowSet24HourClock](/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. 
| | | | | ## Update -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------:|:---------------:|:-----------:|:--------:|:--------:| -| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. 
| ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. 
| ✔️ | ✔️ | ✔️ | | ✔️ | -| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. 
| ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windws Update (WU) drivers during quality updates. | ✔️ | | ✔️ | | ✔️ | -| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | ✔️ | ✔️ | ✔️ | | ✔️ | -| ManagePreviewBuilds | Use to enable or disable preview builds. 
| ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| PhoneUpdateRestrictions | Deprecated | | ✔️ | | | | -| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. 
| ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✔️ | ✔️ | ✔️ | | ✔️ | -| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✔️ | ✔️ | ✔️ | | ✔️ | -| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | -| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. 
| ✔️ | ✔️ | ✔️ | ✔️ | ✔️ | +| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | ✔️ | ✔️ | | ✔️ | +| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ | +| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ | +| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✔️ | ✔️ | | ✔️ | +| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. 
| ✔️ | ✔️ | ✔️ | ✔️ | +| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ | +| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ | +| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✔️ | ✔️ | | ✔️ | +| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ | +| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ | +| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. 
| ✔️ | ✔️ | ✔️ | ✔️ | +| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. 
| ✔️ | ✔️ | | ✔️ | +| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ | +| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windws Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ | +| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | ✔️ | ✔️ | | ✔️ | +| ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ | +| PhoneUpdateRestrictions | Deprecated | | ✔️ | | | +| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. 
| ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✔️ | | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✔️ | ✔️ | | ✔️ | +| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✔️ | ✔️ | | ✔️ | +| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✔️ | ✔️ | | ✔️ | +| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. 
| ✔️ | ✔️ | | ✔️ | +| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✔️ | ✔️ | | ✔️ | +| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✔️ | ✔️ | | ✔️ | +| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | +| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | ## WiFi -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✔️ | ✔️ | | | | -| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✔️ | ✔️ | | | | -| [AllowManualWiFiConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | ✔️ | | | | -| [AllowWiFi](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. 
| | ✔️ | | | | -| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✔️ | | | | +| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✔️ | | | | +| [AllowManualWiFiConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | | | | +| [AllowWiFi](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. | | | | | +| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✔️ | ✔️ | | ✔️ | ## WindowsInkWorkspace -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. 
| ✔️ | | | | | -| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✔️ | | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✔️ | | | | +| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✔️ | | | | ## WindowsLogon -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | -| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✔️ | | | | | +| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. 
| ✔️ | | | | ## WirelessDisplay +<<<<<<< Updated upstream | Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | :---: | | [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✔️ | ✔️ | | | | +======= +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✔️ | | | | +>>>>>>> Stashed changes diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md index 5904abff0c..425fab9796 100644 --- a/windows/configuration/wcd/wcd-privacy.md +++ b/windows/configuration/wcd/wcd-privacy.md 
@@ -17,9 +17,9 @@ Use **Privacy** to configure settings for app activation with voice. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | ✔️ | | ✔️ | ## LetAppsActivateWithVoice From 9a450d88bea60f2fcdfa6931b1db067e1d73bf9a Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 9 Nov 2021 11:07:14 +0530 Subject: [PATCH 13/79] part3 5548257 wcd-policies.md warnings fixed --- windows/configuration/wcd/wcd-policies.md | 77 +++++++---------------- 1 file changed, 21 insertions(+), 56 deletions(-) diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index ec5c1d2844..9bb5dc2f45 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md @@ -36,8 +36,8 @@ This section describes the **Policies** settings that you can configure in [prov ## ApplicationDefaults | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✔️ | | | +| --- | --- | :---: | :---: | :---: | :---: | +| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✔️ | | | | ## ApplicationManagement 
@@ -72,7 +72,7 @@ This section describes the **Policies** settings that you can configure in [prov ## BitLocker | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✔️ | | | | @@ -90,7 +90,7 @@ This section describes the **Policies** settings that you can configure in [prov ## Browser | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✔️ | | | | | [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | ✔️ | ✔️ | | ✔️ | | [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✔️ | | | | 
@@ -154,14 +154,14 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star ## Camera | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✔️ | ✔️ | | | ## Connectivity | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✔️ | ✔️ | ✔️ | ✔️ | | [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✔️ | ✔️ | | ✔️ | | [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✔️ | ✔️ | | ✔️ | 
@@ -182,43 +182,14 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star ## Cryptography | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✔️ | | | | | [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✔️ | | | | ## Defender -<<<<<<< Updated upstream -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ | | | | | -| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✔️ | | | | | -| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✔️ | | | | | -| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. 
| ✔️ | | | | | -| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✔️ | | | | | -| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | ✔️ | | | | | -| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | ✔️ | | | | | -| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✔️ | | | | | -| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | ✔️ | | | | | -| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | ✔️ | | | | | -| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✔️ | | | | | -| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | ✔️ | | | | | -| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defeder scan (in percent). 
| ✔️ | | | | | -| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✔️ | | | | | -| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore durinng a scan. Separate each file type in the list by using \|. | ✔️ | | | | | -| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✔️ | | | | | -| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore durinng a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | | | -| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✔️ | | | | | -| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ | | | | | -| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✔️ | | | | | -| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. 
| ✔️ | | | | | -| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | ✔️ | | | | | -| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ | | | | | -| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ | | | | | -| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✔️ | | | | | -======= | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ | | | | | [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✔️ | | | | | [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✔️ | | | | 
@@ -245,7 +216,6 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star | [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ | | | | | [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ | | | | | [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✔️ | | | | ->>>>>>> Stashed changes ## DeliveryOptimization 
@@ -285,7 +255,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star ## DeviceLock | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowIdleReturnWithoutPassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. | | | | | | [AllowScreenTimeoutWhileLockedUserConfig](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | | | | | [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✔️ | | ✔️ | | @@ -311,7 +281,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star ## Experience | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. | | | | | | [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ | | ✔️ | | | [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✔️ | | | | 
@@ -334,7 +304,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star ## ExploitGuard | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✔️ | | | | @@ -350,7 +320,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](../guidelines-for-assigned-access-app.md#guidelines-for-web-browsers). | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | [BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | | [BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | ✔️ | | | | | [DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | | 
@@ -371,7 +341,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in ## LocalPoliciesSecurityOptions | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✔️ | | | | | [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✔️ | | | | | [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✔️ | | | | 
@@ -385,7 +355,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in ## Power | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✔️ | | | | | [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✔️ | | | | | [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✔️ | | | | @@ -412,7 +382,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in ## Privacy | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowAutoAcceptPairingAndPrivacyConsentPrompts](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | | | | | [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✔️ | | ✔️ | | 
@@ -420,7 +390,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in ## Search | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | [AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | ✔️ | | | | [AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | | | [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | | | | @@ -497,7 +467,7 @@ DisableContextMenus | Prevent context menus from being invoked in the Start menu ## System | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✔️ | | | | | [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✔️ | ✔️ | | ✔️ | | [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✔️ | | | | 
@@ -535,14 +505,14 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl ## TimeLanguageSettings | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowSet24HourClock](/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. | | | | | ## Update | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------:|:---------------:|:-----------:|:--------:|:--------:| +|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------:|:---------------:|:-----------:|:--------:| | [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | ✔️ | ✔️ | | ✔️ | | [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. 
| ✔️ | ✔️ | | ✔️ | | [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ | 
@@ -610,18 +580,13 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl ## WindowsLogon + | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✔️ | | | | ## WirelessDisplay -<<<<<<< Updated upstream -| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | -| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✔️ | ✔️ | | | | -======= | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | | [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✔️ | | | | ->>>>>>> Stashed changes 
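Review bot: in the `@@ -182,43 +182,14 @@` hunk of wcd-policies.md, the Cryptography table keeps the row label `[TLSCiperSuites]` although its link target is `#cryptography-tlsciphersuites`, so a reader searching the page for the policy name TLSCipherSuites will not find it. This commit already edits that table's separator row, so correct the label and the "Last write win." wording in the same row here. The Defender rows deleted in this hunk also contained "Windows Defeder" and "durinng"; the retained copies of those rows fall between this hunk and the next one and are not shown, so check that they do not carry the same misspellings.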
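Review bot: the first data row under the corrected separator in the KioskBrowser hunk (`@@ -350,7 +320,7 @@`, the BlockedUrlExceptions row) and in the Search hunk (`@@ -420,7 +390,7 @@`, the AllowCloudSearch row) still starts without a leading `|`, unlike the rows that follow it in each table. Add the leading pipe to both rows so the row format matches the separator this commit fixes, and remove the stray "T" left at the end of the AllowCloudSearch description ("OneDrive and SharePoint. T").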
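Review bot: in the Update hunk (`@@ -535,14 +505,14 @@`), the ActiveHoursEnd row still reads "update rboots are not scheduled" while the ActiveHoursStart row two lines below has "update reboots"; fix the spelling while this table is being edited. The separator row in this hunk also keeps the long dashed style rather than the `| --- | --- | :---: |` form used by the other tables this commit touches; normalizing it would make later column changes easier to review.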
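Review bot: the `<<<<<<< Updated upstream`, `=======` and `>>>>>>> Stashed changes` lines deleted in the WirelessDisplay hunk (`@@ -610,18 +580,13 @@`) are added by the preceding patch in this series, so that commit on its own publishes raw conflict markers and a duplicated table; the same markers are deleted from the Defender table in the two hunks at `@@ -182,43 +182,14 @@` and `@@ -245,7 +216,6 @@`. Squash this cleanup into the commit that introduced the markers rather than fixing them in a follow-up, and add a pre-merge check that fails when a line in a `.md` file starts with `<<<<<<<` or `>>>>>>>`.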
From 2aaea75d3fceb4401b3e21a7e29b062c90d6d70a Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 9 Nov 2021 12:50:02 +0530 Subject: [PATCH 14/79] part4-5548257 --- windows/configuration/wcd/wcd-provisioningcommands.md | 6 +++--- windows/configuration/wcd/wcd-sharedpc.md | 6 +++--- windows/configuration/wcd/wcd-smisettings.md | 6 +++--- windows/configuration/wcd/wcd-start.md | 2 +- windows/configuration/wcd/wcd-startupapp.md | 6 +++--- windows/configuration/wcd/wcd-startupbackgroundtasks.md | 6 +++--- windows/configuration/wcd/wcd-storaged3inmodernstandby.md | 6 +++--- windows/configuration/wcd/wcd-surfacehubmanagement.md | 6 +++--- windows/configuration/wcd/wcd-tabletmode.md | 6 +++--- windows/configuration/wcd/wcd-takeatest.md | 6 +++--- windows/configuration/wcd/wcd-time.md | 6 +++--- 11 files changed, 31 insertions(+), 31 deletions(-) diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md index 51ca4daddb..dab5b939b7 100644 --- a/windows/configuration/wcd/wcd-provisioningcommands.md +++ b/windows/configuration/wcd/wcd-provisioningcommands.md @@ -19,9 +19,9 @@ Use ProvisioningCommands settings to install Windows desktop applications using ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | For instructions on adding apps to provisioning packages, see [Provision PCs with apps](../provisioning-packages/provision-pcs-with-apps.md). diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md index 2cee7eec84..3dd25e3954 100644 --- a/windows/configuration/wcd/wcd-sharedpc.md +++ b/windows/configuration/wcd/wcd-sharedpc.md 
@@ -20,9 +20,9 @@ Use SharedPC settings to optimize Windows 10 for shared use scenarios, such as t ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | ## AccountManagement diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md index f378d5f114..ed3dbc5df6 100644 --- a/windows/configuration/wcd/wcd-smisettings.md +++ b/windows/configuration/wcd/wcd-smisettings.md @@ -19,9 +19,9 @@ Use SMISettings settings to customize the device with custom shell, suppress Win ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | ## All settings in SMISettings diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index cd1ddd0c36..bebe2a9e3d 100644 --- a/windows/configuration/wcd/wcd-start.md +++ b/windows/configuration/wcd/wcd-start.md @@ -19,7 +19,7 @@ Use Start settings to apply a customized Start screen to devices. ## Applies to -| Setting | Desktop editions | Surface Hub | HoloLens | IoT Core | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | | StartLayout | ✔️ | | | | diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md index 84b5fbc1cd..49815cf169 100644 --- a/windows/configuration/wcd/wcd-startupapp.md +++ b/windows/configuration/wcd/wcd-startupapp.md 
@@ -19,8 +19,8 @@ Use StartupApp settings to configure the default app that will run on start for ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| Default | | | | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| Default | | | | ✔️ | Enter the [Application User Model ID (AUMID)](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the default app. \ No newline at end of file diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md index 375b29173c..7d169c131d 100644 --- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md +++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md @@ -19,7 +19,7 @@ Documentation not available at this time. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | | | ✔️ | diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md index bf25d4dfd0..d48b954521 100644 --- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md +++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md 
@@ -22,6 +22,6 @@ Use **StorageD3InModernStandby** to enable or disable low-power state (D3) durin ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | ✔️ | | ✔️ | \ No newline at end of file +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | ✔️ | | ✔️ | \ No newline at end of file diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md index d0492b9ac5..edf2a819ed 100644 --- a/windows/configuration/wcd/wcd-surfacehubmanagement.md +++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md @@ -24,9 +24,9 @@ Use SurfaceHubManagement settings to set the administrator group that will manag ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | ✔️ | | | ## GroupName diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md index 6f1c67bfb8..e97c3ebf6e 100644 --- a/windows/configuration/wcd/wcd-tabletmode.md +++ b/windows/configuration/wcd/wcd-tabletmode.md @@ -19,9 +19,9 @@ Use TabletMode to configure settings related to tablet mode. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | ✔️ | | | ## ConvertibleSlateModePromptPreference 
diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md index 0f3d22d642..f9f3708a13 100644 --- a/windows/configuration/wcd/wcd-takeatest.md +++ b/windows/configuration/wcd/wcd-takeatest.md @@ -19,9 +19,9 @@ Use TakeATest to configure the Take A Test app, a secure browser for test-taking ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | | ## AllowScreenMonitoring diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md index 1efcbc613a..259df9fdd1 100644 --- a/windows/configuration/wcd/wcd-time.md +++ b/windows/configuration/wcd/wcd-time.md @@ -17,9 +17,9 @@ Use **Time** to configure settings for time zone setup for Windows 10, version ( ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [ProvisionSetTimeZone](#provisionsettimezone) | ✔️ | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [ProvisionSetTimeZone](#provisionsettimezone) | ✔️ | | | | ## ProvisionSetTimeZone From 858d2e7f18057cab069526d31036a7d2ea72b719 Mon Sep 17 00:00:00 2001 
From: Meghana Athavale Date: Tue, 9 Nov 2021 14:48:12 +0530 Subject: [PATCH 15/79] part5-5548257 --- .../configuration/wcd/wcd-unifiedwritefilter.md | 6 +++--- .../configuration/wcd/wcd-universalappinstall.md | 14 +++++++------- .../configuration/wcd/wcd-universalappuninstall.md | 8 ++++---- .../configuration/wcd/wcd-usberrorsoemoverride.md | 6 +++--- windows/configuration/wcd/wcd-weakcharger.md | 8 ++++---- .../wcd/wcd-windowshelloforbusiness.md | 6 +++--- .../configuration/wcd/wcd-windowsteamsettings.md | 6 +++--- windows/configuration/wcd/wcd-wlan.md | 6 +++--- windows/configuration/wcd/wcd-workplace.md | 6 +++--- windows/configuration/wcd/wcd.md | 2 +- 10 files changed, 34 insertions(+), 34 deletions(-) diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md index 2463513137..c5586d1c3a 100644 --- a/windows/configuration/wcd/wcd-unifiedwritefilter.md +++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md @@ -40,9 +40,9 @@ The overlay doesn't mirror the entire volume. It dynamically grows to keep track ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✔️ | | | ✔️ | ## FilterEnabled diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md index 2085c5e99a..0822937da4 100644 --- a/windows/configuration/wcd/wcd-universalappinstall.md +++ b/windows/configuration/wcd/wcd-universalappinstall.md 
@@ -22,13 +22,13 @@ Use UniversalAppInstall settings to install Windows apps from the Microsoft Stor ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [DeviceContextApp](#devicecontextapp) | ✔️ | | ✔️ | | | -| [DeviceContextAppLicense](#devicecontextapplicense) | ✔️ | | ✔️ | | | -| [StoreInstall](#storeinstall) | ✔️ | ✔️ | ✔️ | | ✔️ | -| [UserContextApp](#usercontextapp) | ✔️ | ✔️ | ✔️ | | ✔️ | -| [UserContextAppLicense](#usercontextapplicense) | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [DeviceContextApp](#devicecontextapp) | ✔️ | ✔️ | | | +| [DeviceContextAppLicense](#devicecontextapplicense) | ✔️ | ✔️ | | | +| [StoreInstall](#storeinstall) | ✔️ | ✔️ | | ✔️ | +| [UserContextApp](#usercontextapp) | ✔️ | ✔️ | | ✔️ | +| [UserContextAppLicense](#usercontextapplicense) | ✔️ | ✔️ | | ✔️ | ## DeviceContextApp diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md index 0ae1ade853..625891ae05 100644 --- a/windows/configuration/wcd/wcd-universalappuninstall.md +++ b/windows/configuration/wcd/wcd-universalappuninstall.md @@ -20,10 +20,10 @@ Use UniversalAppUninstall settings to uninstall or remove Windows apps. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [RemoveProvisionedApp](#removeprovisionedapp) | ✔️ | | | | | -| [Uninstall](#uninstall) | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [RemoveProvisionedApp](#removeprovisionedapp) | ✔️ | | | | +| [Uninstall](#uninstall) | ✔️ | ✔️ | | ✔️ | ## RemoveProvisionedApp 
diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md index 9b4fc26665..3eb9975d01 100644 --- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md +++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md @@ -20,9 +20,9 @@ Allows an OEM to hide the USB option UI in Settings and all USB device errors. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✔️ | ✔️ | ✔️ | ✔️ | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✔️ | ✔️ | ✔️ | | ## HideUsbErrorNotifyOptionUI diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md index 0f57e581fd..ce9f3ab265 100644 --- a/windows/configuration/wcd/wcd-weakcharger.md +++ b/windows/configuration/wcd/wcd-weakcharger.md @@ -20,10 +20,10 @@ Use WeakCharger settings to configure the charger notification UI. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✔️ | ✔️ | ✔️ | | | -| [NotifyOnWeakCharger](#notifyonweakcharger) | ✔️ | ✔️ | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✔️ | ✔️ | | | +| [NotifyOnWeakCharger](#notifyonweakcharger) | ✔️ | ✔️ | | | ## HideWeakChargerNotifyOptionUI diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md index d000b9facc..fc0d8fbd54 100644 --- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md 
+++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md @@ -19,9 +19,9 @@ Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for ## Applies to -| Setting groups | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [SecurityKeys](#securitykeys) | ✔️ | | | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [SecurityKeys](#securitykeys) | ✔️ | | | | ## SecurityKeys diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md index a4e82b4a0e..9307518bf1 100644 --- a/windows/configuration/wcd/wcd-windowsteamsettings.md +++ b/windows/configuration/wcd/wcd-windowsteamsettings.md @@ -20,9 +20,9 @@ Use WindowsTeamSettings settings to configure Surface Hub. ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | ✔️ | | | ## Connect diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md index 2a746063eb..8b931bc90a 100644 --- a/windows/configuration/wcd/wcd-wlan.md +++ b/windows/configuration/wcd/wcd-wlan.md @@ -20,7 +20,7 @@ Do not use at this time. Instead, use [ConnectivityProfiles > WLAN](wcd-connecti ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| All settings | | | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| All settings | | | | | diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md index 48f7826dc9..e810f28679 100644 
--- a/windows/configuration/wcd/wcd-workplace.md +++ b/windows/configuration/wcd/wcd-workplace.md @@ -20,9 +20,9 @@ Use Workplace settings to configure bulk user enrollment to a mobile device mana ## Applies to -| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | -| [Enrollments](#enrollments) | ✔️ | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | :---: | :---: | :---: | :---: | +| [Enrollments](#enrollments) | ✔️ | ✔️ | | ✔️ | ## Enrollments diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index 0d09e59143..952a247ff3 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md @@ -18,7 +18,7 @@ This section describes the settings that you can configure in [provisioning pack ## Edition that each group of settings applies to -| Setting group | Desktop editions | Surface Hub | HoloLens | IoT Core | +| Setting group | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | | [AccountManagement](wcd-accountmanagement.md) | | | ✔️ | | | [Accounts](wcd-accounts.md) | ✔️ | ✔️ | ✔️ | ✔️ | From 108c5724c5fd6d26532eafbad120bf75d92bca4a Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 9 Nov 2021 16:49:19 +0530 Subject: [PATCH 16/79] review changes --- windows/configuration/wcd/wcd-connections.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md index ac13c5b95d..5c59173b68 100644 --- a/windows/configuration/wcd/wcd-connections.md +++ b/windows/configuration/wcd/wcd-connections.md 
@@ -20,7 +20,7 @@ Use to configure settings related to various types of phone connections. ## Applies to | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | +| --- | :---: | :---: | :---: | :---: | | All settings | ✔️ | ✔️ | | | From 1b6e48eb727921568b53017ec167d343a1ee0034 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 9 Nov 2021 17:02:28 +0530 Subject: [PATCH 17/79] review changes --- windows/configuration/wcd/wcd-developersetup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md index 54acfa4e05..361aafb35e 100644 --- a/windows/configuration/wcd/wcd-developersetup.md +++ b/windows/configuration/wcd/wcd-developersetup.md @@ -19,7 +19,7 @@ Use to unlock developer mode on HoloLens devices and configure authentication to ## Applies to -| Setting groups | Windows client | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | | [EnableDeveloperMode](#enabledevelopermode) | | | ✔️ | | | [AuthenticationMode](#authenticationmode) | | | ✔️ | | From 8643fa1cf3ddfe1cde6b00590185d5940447da87 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Tue, 9 Nov 2021 16:41:34 +0500 Subject: [PATCH 18/79] Update wdsc-app-browser-control.md --- .../wdsc-app-browser-control.md | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md index acfa2cee01..d9747dc21d 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md 
+++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-app-browser-control.md @@ -37,14 +37,11 @@ You can prevent users from modifying settings in the Exploit protection area. Th You can only prevent users from modifying Exploit protection settings by using Group Policy. > [!IMPORTANT] -> -> ### Requirements -> > You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**. -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. +2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**. 3. Expand the tree to **Windows components > Windows Security > App and browser protection**. 
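Review bot: Step 2 in this hunk now reads "go to **Computer configuration**, select **Policies** and then **Administrative templates**", while step 1 of the same procedure still says "click **Edit**"; use one verb for UI actions throughout the procedure. The sentence also needs a comma after the introductory phrase, "In the **Group Policy Management Editor**, go to ...". The identical step is changed in the second procedure of this file, so apply the same wording there.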
@@ -59,14 +56,11 @@ You can choose to hide the entire section by using Group Policy. The section wil This can only be done in Group Policy. > [!IMPORTANT] -> -> ### Requirements -> -> You must have Windows 10, version 1709 (the Fall Creators Update). The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. +> You must have Windows 10, version 1709 or later. The ADMX/ADML template files for earlier versions of Windows do not include these Group Policy settings. 1. On your Group Policy management machine, open the [Group Policy Management Console](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc731212(v=ws.11)), right-click the Group Policy Object you want to configure and click **Edit**. -2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**. +2. In the **Group Policy Management Editor** go to **Computer configuration**, select **Policies** and then **Administrative templates**. 3. Expand the tree to **Windows components > Windows Security > App and browser protection**. @@ -77,4 +71,4 @@ This can only be done in Group Policy. > [!NOTE] > If you hide all sections then the app will show a restricted interface, as in the following screenshot: > -> ![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png) \ No newline at end of file +> ![Windows Security app with all sections hidden by Group Policy.](images/wdsc-all-hide.png) From 08d1d63371827e50e75b826dbc74e59b254057a7 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Tue, 9 Nov 2021 17:36:03 +0530 Subject: [PATCH 19/79] self review changes --- windows/configuration/wcd/wcd-networkproxy.md | 2 +- windows/configuration/wcd/wcd-oobe.md | 2 +- windows/configuration/wcd/wcd-policies.md | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md index 1208a335d7..957bc2abd1 100644 --- a/windows/configuration/wcd/wcd-networkproxy.md +++ b/windows/configuration/wcd/wcd-networkproxy.md @@ -18,7 +18,7 @@ Use for settings related to NetworkProxy. ## Applies to -| Setting | Windows client | Mobile editions | Surface Hub | HoloLens | IoT Core | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | | All settings | | ✔️ | | | diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md index e7f5dac2de..23bd9ea316 100644 --- a/windows/configuration/wcd/wcd-oobe.md +++ b/windows/configuration/wcd/wcd-oobe.md @@ -19,7 +19,7 @@ Use to configure settings for the [Out Of Box Experience (OOBE)](/windows-hardwa ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | :---: | +| --- | :---: | :---: | :---: | :---: | | [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✔️ | | | | | [Desktop > HideOobe](#hided) | ✔️ | | | | | [Mobile > EnforceEnterpriseProvisioning](#nforce) | | | | | diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index 9bb5dc2f45..5f2b24e7d5 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md 
@@ -43,12 +43,12 @@ This section describes the **Policies** settings that you can configure in [prov ## ApplicationManagement -| Setting | Description | Windows client | Mobile editions | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | :---: | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | | | ✔️ | | [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✔️ | | | ✔️ | | [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | ✔️ | | | | | +| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | ✔️ | | | | | [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✔️ | | | | | [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | | | [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow 
list, etc. | | | | | From 4b6794ec3e4f7008e876076e9313dee94b747d70 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 10 Nov 2021 10:32:51 +0500 Subject: [PATCH 20/79] Update windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../deployment/deploy-wdac-policies-with-script.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index 817a23cb09..4368a1ce60 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md @@ -98,4 +98,4 @@ In addition to the steps outlined above, the binary policy file must also be cop Copy-Item -Path $PolicyBinary -Destination $EFIDestinationFolder -Force ``` -3. Reboot the system. +3. Restart the system. From 6f8104efdb936304d693f0d639d2fd666b9ab4b8 Mon Sep 17 00:00:00 2001 
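Review bot: In the wcd-oobe.md hunk, the context row `| [Mobile > EnforceEnterpriseProvisioning](#nforce) | | | | |` stays in the table with no edition checked, and the table no longer has a Mobile editions column; either drop the row or say in the text that the setting is not supported. The anchors `#hided` and `#nforce` also do not follow the pattern of `#enablecortanavoice` in the row above them, so check that both links resolve to headings in the file.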
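Review bot: In the wcd-policies.md ApplicationManagement hunk, the rewritten AllowGameDVR row still has no space after the pipe in `|Whether DVR and broadcasting is allowed`, unlike every other row in the table, and "is" should be "are" for the two subjects. Since the line is already being changed to drop the extra cell, fix both in the same edit.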
From: Alekhya Jupudi Date: Wed, 10 Nov 2021 11:46:45 +0530 Subject: [PATCH 21/79] 5548201-htmltableconvertupdate-batch02 --- .../app-v/appv-performance-guidance.md | 416 +--- ...plications-inside-a-virtual-environment.md | 45 +- ...ppv-using-the-client-management-console.md | 46 +- ...viewing-appv-server-publishing-metadata.md | 92 +- ...eshooting-wireless-network-connectivity.md | 18 +- .../client-management/mdm/applocker-csp.md | 638 +---- windows/client-management/mdm/assign-seats.md | 120 +- ...e-active-directory-integration-with-mdm.md | 588 +---- .../mdm/browserfavorite-csp.md | 40 +- ...bulk-assign-and-reclaim-seats-from-user.md | 101 +- .../mdm/cellularsettings-csp.md | 31 +- .../mdm/cm-cellularentries-csp.md | 73 +- windows/client-management/mdm/cmpolicy-csp.md | 205 +- .../mdm/cmpolicyenterprise-csp.md | 207 +- ...onfiguration-service-provider-reference.md | 2144 +++-------------- 15 files changed, 787 insertions(+), 3977 deletions(-) diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index 392ba61769..3b15cb36d4 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -70,201 +70,48 @@ Use the information in the following section for more information: [Enhancing the VDI Experience through Performance Optimization/Tuning](#bkmk-evdi) -### Applicability Checklist +### Applicability Checklist -Deployment Environment +|Checklist|Deployment Environment| +|--- |--- | +|![Checklist box](images/checklistbox.gif)|Non-Persistent VDI or RDSH.| +|![Checklist box](images/checklistbox.gif)|User Experience Virtualization (UE-V), other UPM solutions or User Profile Disks (UPD).| - ---- - - - - - - - - - - -
Checklist box

Non-Persistent VDI or RDSH.

Checklist box

User Experience Virtualization (UE-V), other UPM solutions or User Profile Disks (UPD).

+|Checklist|Expected Configuration| +|--- |--- | +|![Checklist box](images/checklistbox.gif)|User Experience Virtualization (UE-V) with the App-V user state template enabled or User Profile Management (UPM) software. Non-UE-V UPM software must be capable of triggering on Login or Process/Application Start and Logoff.| +|![Checklist box](images/checklistbox.gif)|App-V Shared Content Store (SCS) is configured or can be configured.| - -Expected Configuration +|Checklist|IT Administration| +|--- |--- | +|![Checklist box](images/checklistbox.gif)|Admin may need to update the VM base image regularly to ensure optimal performance or Admin may need to manage multiple images for different user groups.| - ---- - - - - - - - - - - -
Checklist box

User Experience Virtualization (UE-V) with the App-V user state template enabled or User Profile Management (UPM) software. Non-UE-V UPM software must be capable of triggering on Login or Process/Application Start and Logoff.

Checklist box

App-V Shared Content Store (SCS) is configured or can be configured.

- - - -IT Administration - - ---- - - - - - - -
Checklist box

Admin may need to update the VM base image regularly to ensure optimal performance or Admin may need to manage multiple images for different user groups.

- - - -### Usage Scenarios +### Usage Scenarios As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both. - ---- - - - - - - - - - - - - -
Optimized for PerformanceOptimized for Storage

To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.

-

The following describes many performance improvements in stateful non-persistent deployments. For more information, see Sequencing Steps to Optimize Packages for Publishing Performance later in this topic.

The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

-

The impact of this alteration is detailed in the User Experience Walk-through section of this document.

+|Optimized for Performance|Optimized for Storage| +|--- |--- | +|To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.

The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) later in this topic.|The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) section of this document.| - - -### Preparing your Environment +### Preparing your Environment The following table displays the required steps to prepare the base image and the UE-V or another UPM solution for the approach. **Prepare the Base Image** - ---- - - - - - - - - - - - - -
Optimized for PerformanceOptimized for Storage

-
    -
  • Enable the App-V client as described in Enable the App-V in-box client.

  • -
  • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

  • -
  • Configure for Shared Content Store (SCS) mode. For more information see Deploying the App-V Sequencer and Configuring the Client.

  • -
  • Configure Preserve User Integrations on Login Registry DWORD.

  • -
  • Pre-configure all user- and global-targeted packages for example, Add-AppvClientPackage.

  • -
  • Pre-configure all user- and global-targeted connection groups for example, Add-AppvClientConnectionGroup.

  • -
  • Pre-publish all global-targeted packages.

    -

    -

    Alternatively,

    -
      -
    • Perform a global publishing/refresh.

    • -
    • Perform a user publishing/refresh.

    • -
    • Un-publish all user-targeted packages.

    • -
    • Delete the following user-Virtual File System (VFS) entries.

    • -
    -

    AppData\Local\Microsoft\AppV\Client\VFS

    -

    AppData\Roaming\Microsoft\AppV\Client\VFS

  • -

-
    -
  • Enable the App-V client as described in Enable the App-V in-box client.

  • -
  • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

  • -
  • Configure for Shared Content Store (SCS) mode. For more information see Deploying the App-V Sequencer and Configuring the Client.

  • -
  • Configure Preserve User Integrations on Login Registry DWORD.

  • -
  • Pre-configure all global-targeted packages for example, Add-AppvClientPackage.

  • -
  • Pre-configure all global-targeted connection groups for example, Add-AppvClientConnectionGroup.

  • -
  • Pre-publish all global-targeted packages.

    -

  • -
- - +|Optimized for Performance|Optimized for Storage| +|--- |--- | +|
  • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
  • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
  • Configure for Shared Content Store (SCS) mode. For more information see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
  • Configure Preserve User Integrations on Login Registry DWORD.
  • Pre-configure all user- and global-targeted packages for example, **Add-AppvClientPackage**.
  • Pre-configure all user- and global-targeted connection groups for example, **Add-AppvClientConnectionGroup**.
  • Pre-publish all global-targeted packages.
    Alternatively,
  • Perform a global publishing/refresh.
  • Perform a user publishing/refresh.
  • Un-publish all user-targeted packages.
  • Delete the following user-Virtual File System (VFS) entries
    AppData\Local\Microsoft\AppV\Client\VFS
    AppData\Roaming\Microsoft\AppV\Client\VFS|
  • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
  • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
  • Configure for Shared Content Store (SCS) mode. For more information see Deploying the
  • App-V Sequencer and Configuring the Client.
  • Configure Preserve User Integrations on Login Registry DWORD.
  • Pre-configure all global-targeted packages for example,** Add-AppvClientPackage**.
  • Pre-configure all global-targeted connection groups for example, **Add-AppvClientConnectionGroup**.
  • Pre-publish all global-targeted packages.| **Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information: - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
    Configuration SettingWhat does this do?How should I use it?

    Shared Content Store (SCS) Mode

    -

    When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).

    -

    This helps to conserve local storage and minimize disk I/O per second (IOPS).

    This is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.

    PreserveUserIntegrationsOnLogin

    -
      -
    • Configure in the Registry under HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Integration.

    • -
    • Create the DWORD value PreserveUserIntegrationsOnLogin with a value of 1.

    • -
    • Restart the App-V client service or restart the computer running the App-V Client.

    • -

    If you have not pre-configured (Add-AppvClientPackage) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then re-integrate*.

    -

    For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.

    If you don’t plan to pre-configure every available user package in the base image, use this setting.

    MaxConcurrentPublishingRefresh

    -
      -
    • Configure in the Registry under HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Publishing.

    • -
    • Create the DWORD value MaxConcurrentPublishingrefresh with the desired maximum number of concurrent publishing refreshes.

    • -
    • The App-V client service and computer do not need to be restarted.

    • -

    This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.

    Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.

    -

    If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time.

    - - +|Configuration Setting|What does this do?|How should I use it?| +|--- |--- |--- | +|Shared Content Store (SCS) Mode
  • Configurable in Windows PowerShell with Set-AppvClientConfiguration -SharedContentStoreMode 1
    or configurable with Group Policy, as described in [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).|When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).
    This helps to conserve local storage and minimize disk I/O per second (IOPS).|This is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.| +|PreserveUserIntegrationsOnLogin
  • Configure in the Registry under **HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Integration**.
  • Create the DWORD value **PreserveUserIntegrationsOnLogin** with a value of 1.
  • Restart the App-V client service or restart the computer running the App-V Client.|If you have not pre-configured (**Add-AppvClientPackage**) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then re-integrate*.
    For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.|If you don’t plan to pre-configure every available user package in the base image, use this setting.| +|MaxConcurrentPublishingRefresh
  • Configure in the Registry under **HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Publishing**.
  • Create the DWORD value **MaxConcurrentPublishingrefresh** with the desired maximum number of concurrent publishing refreshes.
  • The App-V client service and computer do not need to be restarted.|This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.|Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.
    If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time.| ### Configure UE-V solution for App-V Approach @@ -355,83 +202,14 @@ Registry – HKEY\_CURRENT\_USER This following is a step-by-step walk-through of the App-V and UPM operations and the expectations users should expect. - ---- - - - - - - - - - - - - -
    Optimized for PerformanceOptimized for Storage

    After implementing this approach in the VDI/RDSH environment, on first login,

    -
      -
    • (Operation) A user-publishing/refresh is initiated. (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh.

    • -
    • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.

    • -
    -

    On subsequent logins:

    -
      -
    • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.

      -

      (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away.

    • -
    • (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements. (Expectation) If there are no entitlement changes, publishing1 will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity* of virtual applications

    • -
    • (Operation) UPM solution will capture user integrations again at logoff. (Expectation) Same as previous.

    • -
    -

    ¹ The publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.

    After implementing this approach in the VDI/RDSH environment, on first login,

    -
      -
    • (Operation) A user-publishing/refresh is initiated. (Expectation)

      -
        -
      • If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh.

      • -
      • First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).

        -

      • -
    • -
    • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state

    • -
    -

    On subsequent logins:

    -
      -
    • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.

    • -
    • (Operation) Add/refresh must pre-configure all user targeted applications. (Expectation)

      -
        -
      • This may increase the time to application availability significantly (on the order of 10’s of seconds).

      • -
      • This will increase the publishing refresh time relative to the number and complexity* of virtual applications.

        -

      • -
    • -
    • (Operation) Publishing/refresh will process un-publish and publish operations for changes to user package entitlements.

    • -
    +|Optimized for Performance|Optimized for Storage| +|--- |--- | +|After implementing this approach in the VDI/RDSH environment, on first login,
  • (Operation) A user-publishing/refresh is initiated. (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh.
  • (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
  • (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.

    On subsequent logins:
  • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
  • (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away.
  • (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements.
  • (Expectation) If there are no entitlement changes, publishing1 will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity* of virtual applications
  • (Operation) UPM solution will capture user integrations again at logoff. (Expectation) Same as previous.

    ¹ The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.|After implementing this approach in the VDI/RDSH environment, on first login
  • (Operation) A user-publishing/refresh is initiated. (Expectation)
    • If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh.
    • First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).
  • (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
  • (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.

    On subsequent logins:
  • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
  • (Operation) Add/refresh must pre-configure all user targeted applications.
    • (Expectation) This may increase the time to application availability significantly (on the order of 10’s of seconds).
    • This will increase the publishing refresh time relative to the number and complexity* of virtual applications.
  • (Operation) Publishing/refresh will process un-publish and publish operations for changes to user package entitlements.| - +|Outcome|Outcome| +|--- |--- | +|Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of login.

    The publishing/refresh will process changes to the users entitled virtual applications which impacts the experience.|Because the add/refresh must re-configure all the virtual applications to the VM, the publishing refresh time on every login will be extended.| - ---- - - - - - - - - - - - - -
    OutcomeOutcome

    -
      -
    • Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of login.

    • -
    • The publishing/refresh will process changes to the users entitled virtual applications which impacts the experience.

    • -

    Because the add/refresh must re-configure all the virtual applications to the VM, the publishing refresh time on every login will be extended.

    - - ### Impact to Package Life Cycle @@ -489,36 +267,9 @@ Server Performance Tuning Guidelines for Several App-V features facilitate new scenarios or enable new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations. - ------ - - - - - - - - - - - - - - - - -
    StepConsiderationBenefitsTradeoffs

    No Feature Block 1 (FB1, also known as Primary FB)

    No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch. If there are network limitations, FB1 will:

    -
      -
    • Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.

    • -
    • Delay launch until the entire FB1 has been streamed.

    • -

    Stream faulting decreases the launch time.

    Virtual application packages with FB1 configured will need to be re-sequenced.

    - - +|Step|Consideration|Benefits|Tradeoffs| +|--- |--- |--- |--- | +|No Feature Block 1 (FB1, also known as Primary FB)|No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch. If there are network limitations, FB1 will:
  • Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.
  • Delay launch until the entire FB1 has been streamed.|Stream faulting decreases the launch time.|Virtual application packages with FB1 configured will need to be re-sequenced.| ### Removing FB1 @@ -555,36 +306,12 @@ Removing FB1 does not require the original application installer. After completi "C:\\UpgradedPackages" **Note**   - This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. + This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. - +|Step|Considerations|Benefits|Tradeoffs| +|--- |--- |--- |--- | +|No SXS Install at Publish (Pre-Install SxS assemblies)|Virtual Application packages do not need to be re-sequenced. SxS Assemblies can remain in the virtual application package.|The SxS Assembly dependencies will not install at publishing time.|SxS Assembly dependencies must be pre-installed.| - ------ - - - - - - - - - - - - - - - - -
    StepConsiderationsBenefitsTradeoffs

    No SXS Install at Publish (Pre-Install SxS assemblies)

    Virtual Application packages do not need to be re-sequenced. SxS Assemblies can remain in the virtual application package.

    The SxS Assembly dependencies will not install at publishing time.

    SxS Assembly dependencies must be pre-installed.

    - - ### Creating a new virtual application package on the sequencer @@ -594,33 +321,9 @@ If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is ins When publishing a virtual application package, the App-V Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it is included in the package, a traditional Windows Installer (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation will not occur. - ------ - - - - - - - - - - - - - - - - -
    StepConsiderationsBenefitsTradeoffs

    Selectively Employ Dynamic Configuration files

    The App-V client must parse and process these Dynamic Configuration files.

    -

    Be conscious of size and complexity (script execution, VREG inclusions/exclusions) of the file.

    -

    Numerous virtual application packages may already have User- or computer–specific dynamic configurations files.

    Publishing times will improve if these files are used selectively or not at all.

    Virtual application packages would need to be reconfigured individually or via the App-V server management console to remove associated Dynamic Configuration files.

    - +|Step|Considerations|Benefits|Tradeoffs| +|--- |--- |--- |--- | +|Selectively Employ Dynamic Configuration files|The App-V client must parse and process these Dynamic Configuration files.

    Be conscious of size and complexity (script execution, VREG inclusions/exclusions) of the file.

    Numerous virtual application packages may already have User- or computer–specific dynamic configurations files.|Publishing times will improve if these files are used selectively or not at all.|Virtual application packages would need to be reconfigured individually or via the App-V server management console to remove associated Dynamic Configuration files.| ### Disabling a Dynamic Configuration by using Windows PowerShell @@ -639,39 +342,10 @@ For documentation on How to Apply a Dynamic Configuration, see: - [How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md) - ------ - - - - - - - - - - - - - - - - - - - - - - -
    StepConsiderationsBenefitsTradeoffs

    Account for Synchronous Script Execution during Package Lifecycle.

    If script collateral is embedded in the package, Add cmdlets may be significantly slower.

    -

    Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.

    Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.

    This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.

    Remove Extraneous Virtual Fonts from Package.

    The majority of applications investigated by the App-V product team contained a small number of fonts, typically fewer than 20.

    Virtual Fonts impact publishing refresh performance.

    Desired fonts will need to be enabled/installed natively. For instructions, see Install or uninstall fonts.

    - - +|Step|Considerations|Benefits|Tradeoffs| +|--- |--- |--- |--- | +|Account for Synchronous Script Execution during Package Lifecycle.|If script collateral is embedded in the package, Add cmdlets may be significantly slower.
    Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.|Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.|This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.| +|Remove Extraneous Virtual Fonts from Package.|The majority of applications investigated by the App-V product team contained a small number of fonts, typically fewer than 20.|Virtual Fonts impact publishing refresh performance.|Desired fonts will need to be enabled/installed natively. For instructions, see Install or uninstall fonts.| ### Determining what virtual fonts exist in the package diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md index b22a3ebbce..6dba0901d2 100644 --- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md +++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md @@ -54,46 +54,11 @@ Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages glo 1. Using the information in the following table, create a new registry key using the name of the executable file, for example, **MyApp.exe**. - - - - - - - - - - - - - - - - - - - - - - - - - -
    Package publishing methodWhere to create the registry key

    Published globally

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual

    -

    Example: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe

    Published to the user

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual

    -

    Example: HKEY_CURRENT_USER \SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe

    Connection group can contain:

    -
      -
    • Packages that are published just globally or just to the user

    • -
    • Packages that are published globally and to the user

    • -

    Either HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER key, but all of the following must be true:

    -
      -
    • If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group.

    • -
    • Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment.

    • -
    • The key under which you create the subkey must match the publishing method you used for the package.

      -

      For example, if you published the package to the user, you must create the subkey under HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual. Do not add a key for the same application under both hives.

    • -
    - -   + |Package publishing method|Where to create the registry key| + |--- |--- | + |Published globally|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual
    **Example:**
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe| + |Published to the user|HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual
    **Example:**
    HKEY_CURRENT_USER \SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe| + |Connection group can contain:
  • Packages that are published just globally or just to the user
  • Packages that are published globally and to the user|Either HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER key, but all of the following must be true:
  • If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group.
  • Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment.
  • The key under which you create the subkey must match the publishing method you used for the package.
  • For example, if you published the package to the user, you must create the subkey underHKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual. Do not add a key for the same application under both hives.| 2. Set the new registry subkey’s value to the PackageId and VersionId of the package, separating the values with an underscore. diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md index 4d7ae4ff1a..a21128f036 100644 --- a/windows/application-management/app-v/appv-using-the-client-management-console.md +++ b/windows/application-management/app-v/appv-using-the-client-management-console.md @@ -42,47 +42,11 @@ You can obtain information about the App-V client or perform specific tasks by u The client management console contains the following described main tabs. - ---- - - - - - - - - - - - - - - - - - - - - -
    TabDescription

    Overview

    The Overview tab contains the following elements:

    -
      -
    • Update – Use the Update tile to refresh a virtualized application or to receive a new virtualized package.

      -

      The Last Refresh displays the current version of the virtualized package.

    • -
    • Download all virtual applications – Use the Download tile to download all of the packages provisioned to the current user.

      -

      (Associated Windows PowerShell cmdlet: Mount-AppvClientPackage)

      -

    • -
    • Work Offline – Use this tile to disallow all automatic and manual virtual application updates.

      -

      (Associated Windows PowerShell cmdlet: Set-AppvPublishServer –UserRefreshEnabled –GlobalRefreshEnabled)

    • -

    Virtual Apps

    The VIRTUAL APPS tab displays all of the packages that have been published to the user. You can also click a specific package and see all of the applications that are part of that package. This displays information about packages that are currently in use and how much of each package has been downloaded to the computer. You can also start and stop package downloads. Additionally, you can repair the user state. A repair will delete all user data that is associated with a package.

    -

    App Connection Groups

    The APP CONNECTION GROUPS tab displays all of the connection groups that are available to the current user. Click a specific connection group to see all of the packages that are part of the selected group. This displays information about connection groups that are already in use and how much of the connection group contents have been downloaded to the computer. Additionally, you can start and stop connection group downloads. You can use this section to initiate a repair. A repair will remove all of the user state that is associated a connection group.

    -

    (Associated Windows PowerShell cmdlets: Download - Mount-AppvClientConnectionGroup. Repair -AppvClientConnectionGroup.)

    -

    - - - +|Tab|Description| +|--- |--- | +|Overview|The **Overview** tab contains the following elements:
  • Update – Use the Update tile to refresh a virtualized application or to receive a new virtualized package.
  • The **Last Refresh** displays the current version of the virtualized package.
  • Download all virtual applications – Use the Download tile to download all of the packages provisioned to the current user.
    (Associated Windows PowerShell cmdlet: **Mount-AppvClientPackage**)
  • Work Offline – Use this tile to disallow all automatic and manual virtual application updates.
    (Associated Windows PowerShell cmdlet: **-AppvPublishServer –UserRefreshEnabled –GlobalRefreshEnabled**)| +|Virtual Apps|The **VIRTUAL APPS** tab displays all of the packages that have been published to the user. You can also click a specific package and see all of the applications that are part of that package. This displays information about packages that are currently in use and how much of each package has been downloaded to the computer. You can also start and stop package downloads. Additionally, you can repair the user state. A repair will delete all user data that is associated with a package.| +|App Connection Groups|The **APP CONNECTION GROUPS** tab displays all of the connection groups that are available to the current user. Click a specific connection group to see all of the packages that are part of the selected group. This displays information about connection groups that are already in use and how much of the connection group contents have been downloaded to the computer. Additionally, you can start and stop connection group downloads. You can use this section to initiate a repair. A repair will remove all of the user state that is associated a connection group.
    (Associated Windows PowerShell cmdlets: Download - **Mount-AppvClientConnectionGroup**. Repair - **AppvClientConnectionGroup**.)|
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md index eebe3e0c35..80a68fbed3 100644 --- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md +++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md @@ -77,84 +77,20 @@ To get the name of the Publishing server and the port number (`http:// - - - - - - - -Operating system -Architecture -String value - - - - -

    Windows 10/11

    -

    64-bit

    -

    WindowsClient_10.0_x64

    - - -

    Windows 10/11

    -

    32-bit

    -

    WindowsClient_10.0_x86

    - - -

    Windows 8.1

    -

    64-bit

    -

    WindowsClient_6.2_x64

    - - -

    Windows 8.1

    -

    32-bit

    -

    WindowsClient_6.2_x86

    - - -

    Windows 8

    -

    64-bit

    -

    WindowsClient_6.2_x64

    - - -

    Windows 8

    -

    32-bit

    -

    WindowsClient_6.2_x86

    - - -

    Windows Server 2012 R2

    -

    64-bit

    -

    WindowsServer_6.2_x64

    - - -

    Windows Server 2012 R2

    -

    32-bit

    -

    WindowsServer_6.2_x86

    - - -

    Windows Server 2012

    -

    64-bit

    -

    WindowsServer_6.2_x64

    - - -

    Windows Server 2012

    -

    32-bit

    -

    WindowsServer_6.2_x86

    - - -

    Windows Server 2008 R2

    -

    64-bit

    -

    WindowsServer_6.1_x64

    - - -

    Windows Server 2008 R2

    -

    32-bit

    -

    WindowsServer_6.1_x86

    - - - - - +|Operating system|Architecture|String value| +|--- |--- |--- | +|Windows 10/11|64-bit|WindowsClient_10.0_x64| +|Windows 10/11|32-bit|WindowsClient_10.0_x86| +|Windows 8.1|64-bit|WindowsClient_6.2_x64| +|Windows 8.1|32-bit|WindowsClient_6.2_x86| +|Windows 8|64-bit|WindowsClient_6.2_x64| +|Windows 8|32-bit|WindowsClient_6.2_x86| +|Windows Server 2012 R2|64-bit|WindowsServer_6.2_x64| +|Windows Server 2012 R2|32-bit|WindowsServer_6.2_x86| +|Windows Server 2012|64-bit|WindowsServer_6.2_x64| +|Windows Server 2012|32-bit|WindowsServer_6.2_x86| +|Windows Server 2008 R2|64-bit|WindowsServer_6.1_x64| +|Windows Server 2008 R2|32-bit|WindowsServer_6.1_x86|
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md index 57d2cc10a8..dbbd9f0fd8 100644 --- a/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md +++ b/windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md @@ -85,17 +85,13 @@ See the [example ETW capture](#example-etw-capture) at the bottom of this articl The following is a high-level view of the main wifi components in Windows. - - - - - - -
    Windows Connection ManagerThe Windows Connection Manager (Wcmsvc) is closely associated with the UI controls (taskbar icon) to connect to various networks, including wireless networks. It accepts and processes input from the user and feeds it to the core wireless service.
    WLAN Autoconfig ServiceThe WLAN Autoconfig Service (WlanSvc) handles the following core functions of wireless networks in windows: - -- Scanning for wireless networks in range -- Managing connectivity of wireless networks
    Media Specific ModuleThe Media Specific Module (MSM) handles security aspects of connection being established.
    Native WiFi stackThe Native WiFi stack consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.
    Wireless miniportThird-party wireless miniport drivers interface with the upper wireless stack to provide notifications to and receive commands from Windows.
    - +|Wi-fi Components|Description| +|--- |--- | +|![Windows Connection Manager](images/wcm.png)|The Windows Connection Manager (Wcmsvc) is closely associated with the UI controls (taskbar icon) to connect to various networks, including wireless networks. It accepts and processes input from the user and feeds it to the core wireless service.| +|![WLAN Autoconfig Service](images/wlan.png)|The WLAN Autoconfig Service (WlanSvc) handles the following core functions of wireless networks in windows:
  • Scanning for wireless networks in range
  • Managing connectivity of wireless networks| +|![Media Specific Module](images/msm.png)|The Media Specific Module (MSM) handles security aspects of connection being established.| +|![Native WiFi stack](images/wifi-stack.png)|The Native WiFi stack consists of drivers and wireless APIs to interact with wireless miniports and the supporting user-mode Wlansvc.| +|![Wireless miniport](images/miniport.png)|Third-party wireless miniport drivers interface with the upper wireless stack to provide notifications to and receive commands from Windows.| The wifi connection state machine has the following states: - Reset diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 5669fcf0f8..2de0a4123d 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -276,36 +276,11 @@ Supported operations are Get, Add, Delete, and Replace. The following table shows the mapping of information to the AppLocker publisher rule field. - ---- - - - - - - - - - - - - - - - - - - - - -
    Device portal dataAppLocker publisher rule field

    PackageFullName

    ProductName

    -

    The product name is first part of the PackageFullName followed by the version number. In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.

    Publisher

    Publisher

    Version

    Version

    -

    This can be used either in the HighSection or LowSection of the BinaryVersionRange.

    -

    HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. You can use a wildcard for both versions to make a version- independent rule. Using a wildcard for one of the values will provide higher than or lower than a specific version semantics.

    - +|Device portal data|AppLocker publisher rule field| +|--- |--- | +|PackageFullName|ProductName
    The product name is first part of the PackageFullName followed by the version number. In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.| +|Publisher|Publisher| +|Version|Version

    This can be used either in the HighSection or LowSection of the BinaryVersionRange.

    HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. You can use a wildcard for both versions to make a version- independent rule. Using a wildcard for one of the values will provide higher than or lower than a specific version semantics.| Here is an example AppLocker publisher rule: @@ -325,21 +300,11 @@ You can get the publisher name and product name of apps using a web API. 3. In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values. - - - - - - - - - - - - - - -
    Request URI

    https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/{app ID}/applockerdata

    +Request URI: + +```http +https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/{app ID}/applockerdata +``` Here is the example for Microsoft OneNote: @@ -360,35 +325,11 @@ Result } ``` - ---- - - - - - - - - - - - - - - - - - - - - -
    Result dataAppLocker publisher rule field

    packageIdentityName

    ProductName

    publisherCertificateName

    Publisher

    windowsPhoneLegacyId

    Same value maps to the ProductName and Publisher name

    -

    This value will only be present if there is a XAP package associated with the app in the Store.

    -

    If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.

    - +|Result data|AppLocker publisher rule field| +|--- |--- | +|packageIdentityName|ProductName| +|publisherCertificateName|Publisher| +|windowsPhoneLegacyId|Same value maps to the ProductName and Publisher name.

    This value will only be present if there is a XAP package associated with the app in the Store.

    If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and another one using the windowsPhoneLegacyId value.| ## Settings apps that rely on splash apps @@ -428,464 +369,97 @@ The following list shows the apps that may be included in the inbox. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    AppProduct IDProduct name
    3D Viewerf41647c9-d567-4378-b2ab-7924e5a152f3Microsoft.Microsoft3DViewer

    (Added in Windows 10, version 1703)

    Advanced infob6e3e590-9fa5-40c0-86ac-ef475de98e88b6e3e590-9fa5-40c0-86ac-ef475de98e88
    Age out worker09296e27-c9f3-4ab9-aa76-ecc4497d94bb
    Alarms and clock44f7d2b4-553d-4bec-a8b7-634ce897ed5fMicrosoft.WindowsAlarms
    App downloads20bf77a0-19c7-4daa-8db5-bc3dfdfa44ac
    Assigned access lock appb84f4722-313e-4f85-8f41-cf5417c9c5cb
    Bing lock images5f28c179-2780-41df-b966-27807b8de02c
    Block and filter59553c14-5701-49a2-9909-264d034deb3d
    Broker plug-in (same as Work or school account)Microsoft.AAD.BrokerPlugin
    Calculatorb58171c6-c70c-4266-a2e8-8f9c994f4456Microsoft.WindowsCalculator
    Cameraf0d8fefd-31cd-43a1-a45a-d0276db069f1Microsoft.WindowsCamera
    CertInstaller4c4ad968-7100-49de-8cd1-402e198d869e
    Color profileb08997ca-60ab-4dce-b088-f92e9c7994f3
    Connectaf7d2801-56c0-4eb1-824b-dd91cdf7ece5Microsoft.DevicesFlow
    Contact Support0db5fcff-4544-458a-b320-e352dfd9ca2bWindows.ContactSupport
    Cortanafd68dcf4-166f-4c55-a4ca-348020f71b94Microsoft.Windows.Cortana
    Cortana Listen UICortanaListenUI
    Credentials Dialog HostMicrosoft.CredDialogHost
    Device Portal PIN UXholopairingapp
    Email and accounts39cf127b-8c67-c149-539a-c02271d07060Microsoft.AccountsControl
    Enterprise installs appda52fa01-ac0f-479d-957f-bfe4595941cb
    Equalizer373cb76e-7f6c-45aa-8633-b00e85c73261
    Excelead3e7c0-fae6-4603-8699-6a448138f4dcMicrosoft.Office.Excel
    Facebook82a23635-5bd9-df11-a844-00237de2db9eMicrosoft.MSFacebook
    Field Medic73c58570-d5a7-46f8-b1b2-2a90024fc29c
    File Explorerc5e2524a-ea46-4f67-841f-6a9465d9d515c5e2524a-ea46-4f67-841f-6a9465d9d515
    FM Radiof725010e-455d-4c09-ac48-bcdef0d4b626f725010e-455d-4c09-ac48-bcdef0d4b626
    Get Startedb3726308-3d74-4a14-a84c-867c8c735c3cMicrosoft.Getstarted
    Glance106e0a97-8b19-42cf-8879-a8ed2598fcbb
    Groove Musicd2b6a184-da39-4c9a-9e0a-8b589b03dec0Microsoft.ZuneMusic
    Hands-Free Activationdf6c9621-e873-4e86-bb56-93e9f21b1d6f
    Hands-Free Activation72803bd5-4f36-41a4-a349-e83e027c4722
    HAP update background worker73c73cdd-4dea-462c-bd83-fa983056a4ef
    Holographic ShellHoloShell
    Lumia motion data8fc25fd2-4e2e-4873-be44-20e57f6ec52b
    Mapsed27a07e-af57-416b-bc0c-2596b622ef7dMicrosoft.WindowsMaps
    Messaging27e26f40-e031-48a6-b130-d1f20388991aMicrosoft.Messaging
    Microsoft account3a4fae89-7b7e-44b4-867b-f7e2772b8253Microsoft.CloudExperienceHost
    Microsoft Edge395589fb-5884-4709-b9df-f7d558663ffdMicrosoft.MicrosoftEdge
    Microsoft FrameworksProductID = 00000000-0000-0000-0000-000000000000 -

    PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"

    Migration UIMigrationUIApp
    MiracastView906beeda-b7e6-4ddc-ba8d-ad5031223ef9906beeda-b7e6-4ddc-ba8d-ad5031223ef9
    Mixed Reality PortalMicrosoft.Windows.HolographicFirstRun
    Money1e0440f1-7abf-4b9a-863d-177970eefb5eMicrosoft.BingFinance
    Movies and TV6affe59e-0467-4701-851f-7ac026e21665Microsoft.ZuneVideo
    Music downloads3da8a0c1-f7e5-47c0-a680-be8fd013f747
    Navigation bar2cd23676-8f68-4d07-8dd2-e693d4b01279
    Network services62f172d1-f552-4749-871c-2afd1c95c245
    News9c3e8cad-6702-4842-8f61-b8b33cc9caf1Microsoft.BingNews
    OneDrivead543082-80ec-45bb-aa02-ffe7f4182ba8Microsoft.MicrosoftSkydrive
    OneNoteca05b3ab-f157-450c-8c49-a1f127f5e71dMicrosoft.Office.OneNote
    Outlook Calendar and Maila558feba-85d7-4665-b5d8-a2ff9c19799bMicrosoft.WindowsCommunicationsApps
    People60be1fb8-3291-4b21-bd39-2221ab166481Microsoft.People
    Phone5b04b775-356b-4aa0-aaf8-6491ffea56115b04b775-356b-4aa0-aaf8-6491ffea5611
    Phone (dialer)f41b5d0e-ee94-4f47-9cfe-3d3934c5a2c7Microsoft.CommsPhone
    Phone reset dialog2864278d-09b5-46f7-b502-1c24139ecbdd
    Photosfca55e1b-b9a4-4289-882f-084ef4145005Microsoft.Windows.Photos
    Podcastsc3215724-b279-4206-8c3e-61d1a9d63ed3Microsoft.MSPodcast
    Podcast downloads063773e7-f26f-4a92-81f0-aa71a1161e30
    PowerPointb50483c4-8046-4e1b-81ba-590b24935798Microsoft.Office.PowerPoint
    PrintDialog0d32eeb1-32f0-40da-8558-cea6fcbec4a4Microsoft.PrintDialog
    Purchase dialogc60e79ca-063b-4e5d-9177-1309357b2c3f
    Rate your deviceaec3bfad-e38c-4994-9c32-50bd030730ec
    RingtoneApp.WindowsPhone3e962450-486b-406b-abb5-d38b4ee7e6feMicrosoft.Tonepicker
    Save ringtoned8cf8ec7-ec6d-4892-aab9-1e3a4b5fa24b
    Settings2a4e62d8-8809-4787-89f8-69d0f01654fb2a4e62d8-8809-4787-89f8-69d0f01654fb
    SettingsSystemSettings
    Setup wizard07d87655-e4f0-474b-895a-773790ad4a32
    Sharingb0894dfd-4671-4bb9-bc17-a8b39947ffb6
    Sign in for Windows 10 HolographicWebAuthBridgeInternetSso, WebAuthBridgeInternet, WebAuthBridgeIntranetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternet, WebAuthBrokerIntranetSso, SignIn
    Skypec3f8e570-68b3-4d6a-bdbb-c0a3f4360a51Microsoft.SkypeApp
    Skype Video27e26f40-e031-48a6-b130-d1f20388991aMicrosoft.Messaging
    Sports0f4c8c7e-7114-4e1e-a84c-50664db13b17Microsoft.BingSports
    SSMHoste232aa77-2b6d-442c-b0c3-f3bb9788af2a
    Start5b04b775-356b-4aa0-aaf8-6491ffea56025b04b775-356b-4aa0-aaf8-6491ffea5602
    Storage5b04b775-356b-4aa0-aaf8-6491ffea564d5b04b775-356b-4aa0-aaf8-6491ffea564d
    Store7d47d89a-7900-47c5-93f2-46eb6d94c159Microsoft.WindowsStore
    Touch (gestures and touch)bbc57c87-46af-4c2c-824e-ac8104cceb38
    Voice recorder7311b9c5-a4e9-4c74-bc3c-55b06ba95ad0Microsoft.WindowsSoundRecorder
    Wallet587a4577-7868-4745-a29e-f996203f1462Microsoft.MicrosoftWallet
    Wallet12ae577e-f8d1-4197-a207-4d24c309ff8fMicrosoft.Wallet
    Weather63c2a117-8604-44e7-8cef-df10be3a57c8Microsoft.BingWeather
    Windows default lock screencdd63e31-9307-4ccb-ab62-1ffa5721b503
    Windows Feedback7604089d-d13f-4a2d-9998-33fc02b63ce3Microsoft.WindowsFeedback
    Word258f115c-48f4-4adb-9a68-1387e634459bMicrosoft.Office.Word
    Work or school accounte5f8b2c4-75ae-45ee-9be8-212e34f77747Microsoft.AAD.BrokerPlugin
    Xboxb806836f-eebe-41c9-8669-19e243b81b83Microsoft.XboxApp
    Xbox identity providerba88225b-059a-45a2-a8eb-d3580283e49dMicrosoft.XboxIdentityProvider
    - - +|App|Product ID|Product name| +|--- |--- |--- | +|3D Viewer|f41647c9-d567-4378-b2ab-7924e5a152f3|Microsoft.Microsoft3DViewer (Added in Windows 10, version 1703)| +|Advanced info|b6e3e590-9fa5-40c0-86ac-ef475de98e88|b6e3e590-9fa5-40c0-86ac-ef475de98e88| +|Age out worker|09296e27-c9f3-4ab9-aa76-ecc4497d94bb|| +|Alarms and clock|44f7d2b4-553d-4bec-a8b7-634ce897ed5f|Microsoft.WindowsAlarms| +|App downloads|20bf77a0-19c7-4daa-8db5-bc3dfdfa44ac|| +|Assigned access lock app|b84f4722-313e-4f85-8f41-cf5417c9c5cb|| +|Bing lock images|5f28c179-2780-41df-b966-27807b8de02c|| +|Block and filter|59553c14-5701-49a2-9909-264d034deb3d|| +|Broker plug-in (same as Work or school account)||Microsoft.AAD.BrokerPlugin| +|Calculator|b58171c6-c70c-4266-a2e8-8f9c994f4456|Microsoft.WindowsCalculator| +|Camera|f0d8fefd-31cd-43a1-a45a-d0276db069f1|Microsoft.WindowsCamera| +|CertInstaller|4c4ad968-7100-49de-8cd1-402e198d869e|| +|Color profile|b08997ca-60ab-4dce-b088-f92e9c7994f3|| +|Connect|af7d2801-56c0-4eb1-824b-dd91cdf7ece5|Microsoft.DevicesFlow| +|Contact Support|0db5fcff-4544-458a-b320-e352dfd9ca2b|Windows.ContactSupport| +|Cortana|fd68dcf4-166f-4c55-a4ca-348020f71b94|Microsoft.Windows.Cortana| +|Cortana Listen UI||CortanaListenUI| +|Credentials Dialog Host||Microsoft.CredDialogHost| +|Device Portal PIN UX||holopairingapp| +|Email and accounts|39cf127b-8c67-c149-539a-c02271d07060|Microsoft.AccountsControl| +|Enterprise installs app|da52fa01-ac0f-479d-957f-bfe4595941cb|| +|Equalizer|373cb76e-7f6c-45aa-8633-b00e85c73261|| +|Excel|ead3e7c0-fae6-4603-8699-6a448138f4dc|Microsoft.Office.Excel| +|Facebook|82a23635-5bd9-df11-a844-00237de2db9e|Microsoft.MSFacebook| +|Field Medic|73c58570-d5a7-46f8-b1b2-2a90024fc29c|| +|File Explorer|c5e2524a-ea46-4f67-841f-6a9465d9d515|c5e2524a-ea46-4f67-841f-6a9465d9d515| +|FM Radio|f725010e-455d-4c09-ac48-bcdef0d4b626|f725010e-455d-4c09-ac48-bcdef0d4b626| +|Get Started|b3726308-3d74-4a14-a84c-867c8c735c3c|Microsoft.Getstarted| 
+|Glance|106e0a97-8b19-42cf-8879-a8ed2598fcbb|| +|Groove Music|d2b6a184-da39-4c9a-9e0a-8b589b03dec0|Microsoft.ZuneMusic| +|Hands-Free Activation|df6c9621-e873-4e86-bb56-93e9f21b1d6f|| +|Hands-Free Activation|72803bd5-4f36-41a4-a349-e83e027c4722|| +|HAP update background worker|73c73cdd-4dea-462c-bd83-fa983056a4ef|| +|Holographic Shell||HoloShell| +|Lumia motion data|8fc25fd2-4e2e-4873-be44-20e57f6ec52b|| +|Maps|ed27a07e-af57-416b-bc0c-2596b622ef7d|Microsoft.WindowsMaps| +|Messaging|27e26f40-e031-48a6-b130-d1f20388991a|Microsoft.Messaging| +|Microsoft account|3a4fae89-7b7e-44b4-867b-f7e2772b8253|Microsoft.CloudExperienceHost| +|Microsoft Edge|395589fb-5884-4709-b9df-f7d558663ffd|Microsoft.MicrosoftEdge| +|Microsoft Frameworks|ProductID = 00000000-0000-0000-0000-000000000000 +PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"|| +|Migration UI||MigrationUIApp| +|MiracastView|906beeda-b7e6-4ddc-ba8d-ad5031223ef9|906beeda-b7e6-4ddc-ba8d-ad5031223ef9| +|Mixed Reality Portal||Microsoft.Windows.HolographicFirstRun| +|Money|1e0440f1-7abf-4b9a-863d-177970eefb5e|Microsoft.BingFinance| +|Movies and TV|6affe59e-0467-4701-851f-7ac026e21665|Microsoft.ZuneVideo| +|Music downloads|3da8a0c1-f7e5-47c0-a680-be8fd013f747|| +|Navigation bar|2cd23676-8f68-4d07-8dd2-e693d4b01279|| +|Network services|62f172d1-f552-4749-871c-2afd1c95c245|| +|News|9c3e8cad-6702-4842-8f61-b8b33cc9caf1|Microsoft.BingNews| +|OneDrive|ad543082-80ec-45bb-aa02-ffe7f4182ba8|Microsoft.MicrosoftSkydrive| +|OneNote|ca05b3ab-f157-450c-8c49-a1f127f5e71d|Microsoft.Office.OneNote| +|Outlook Calendar and Mail|a558feba-85d7-4665-b5d8-a2ff9c19799b|Microsoft.WindowsCommunicationsApps| +|People|60be1fb8-3291-4b21-bd39-2221ab166481|Microsoft.People| +|Phone|5b04b775-356b-4aa0-aaf8-6491ffea5611|5b04b775-356b-4aa0-aaf8-6491ffea5611| +|Phone (dialer)|f41b5d0e-ee94-4f47-9cfe-3d3934c5a2c7|Microsoft.CommsPhone| +|Phone reset dialog|2864278d-09b5-46f7-b502-1c24139ecbdd|| 
+|Photos|fca55e1b-b9a4-4289-882f-084ef4145005|Microsoft.Windows.Photos| +|Podcasts|c3215724-b279-4206-8c3e-61d1a9d63ed3|Microsoft.MSPodcast| +|Podcast downloads|063773e7-f26f-4a92-81f0-aa71a1161e30|| +|PowerPoint|b50483c4-8046-4e1b-81ba-590b24935798|Microsoft.Office.PowerPoint| +|PrintDialog|0d32eeb1-32f0-40da-8558-cea6fcbec4a4|Microsoft.PrintDialog| +|Purchase dialog|c60e79ca-063b-4e5d-9177-1309357b2c3f|| +|Rate your device|aec3bfad-e38c-4994-9c32-50bd030730ec|| +|RingtoneApp.WindowsPhone|3e962450-486b-406b-abb5-d38b4ee7e6fe|Microsoft.Tonepicker| +|Save ringtone|d8cf8ec7-ec6d-4892-aab9-1e3a4b5fa24b|| +|Settings|2a4e62d8-8809-4787-89f8-69d0f01654fb|2a4e62d8-8809-4787-89f8-69d0f01654fb| +|Settings||SystemSettings| +|Setup wizard|07d87655-e4f0-474b-895a-773790ad4a32|| +|Sharing|b0894dfd-4671-4bb9-bc17-a8b39947ffb6|| +|Sign in for Windows 10 Holographic||WebAuthBridgeInternetSso, WebAuthBridgeInternet, WebAuthBridgeIntranetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternetSso, WebAuthBrokerInternet, WebAuthBrokerIntranetSso, SignIn| +|Skype|c3f8e570-68b3-4d6a-bdbb-c0a3f4360a51|Microsoft.SkypeApp| +|Skype Video|27e26f40-e031-48a6-b130-d1f20388991a|Microsoft.Messaging| +|Sports|0f4c8c7e-7114-4e1e-a84c-50664db13b17|Microsoft.BingSports| +|SSMHost|e232aa77-2b6d-442c-b0c3-f3bb9788af2a|| +|Start|5b04b775-356b-4aa0-aaf8-6491ffea5602|5b04b775-356b-4aa0-aaf8-6491ffea5602| +|Storage|5b04b775-356b-4aa0-aaf8-6491ffea564d|5b04b775-356b-4aa0-aaf8-6491ffea564d| +|Store|7d47d89a-7900-47c5-93f2-46eb6d94c159|Microsoft.WindowsStore| +|Touch (gestures and touch)|bbc57c87-46af-4c2c-824e-ac8104cceb38|| +|Voice recorder|7311b9c5-a4e9-4c74-bc3c-55b06ba95ad0|Microsoft.WindowsSoundRecorder| +|Wallet|587a4577-7868-4745-a29e-f996203f1462|Microsoft.MicrosoftWallet| +|Wallet|12ae577e-f8d1-4197-a207-4d24c309ff8f|Microsoft.Wallet| +|Weather|63c2a117-8604-44e7-8cef-df10be3a57c8|Microsoft.BingWeather| +|Windows default lock screen|cdd63e31-9307-4ccb-ab62-1ffa5721b503|| 
+|Windows Feedback|7604089d-d13f-4a2d-9998-33fc02b63ce3|Microsoft.WindowsFeedback| +|Word|258f115c-48f4-4adb-9a68-1387e634459b|Microsoft.Office.Word| +|Work or school account|e5f8b2c4-75ae-45ee-9be8-212e34f77747|Microsoft.AAD.BrokerPlugin| +|Xbox|b806836f-eebe-41c9-8669-19e243b81b83|Microsoft.XboxApp| +|Xbox identity provider|ba88225b-059a-45a2-a8eb-d3580283e49d|Microsoft.XboxIdentityProvider| ## Allowlist examples diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md index 74ea36df77..e99f6fb7de 100644 --- a/windows/client-management/mdm/assign-seats.md +++ b/windows/client-management/mdm/assign-seats.md @@ -18,62 +18,21 @@ The **Assign seat** operation assigns seat for a specified user in the Microsoft ## Request - ---- - - - - - - - - - - - - -
    MethodRequest URI

    POST

    https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}

    +**POST:** + +```http +https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username} +``` -  ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDescription

    productId

    string

    Required. Product identifier for an application that is used by the Store for Business.

    skuId

    string

    Required. Product identifier that specifies a specific SKU of an application.

    username

    string

    Requires UserPrincipalName (UPN). User name of the target user account.

    - +|Parameter|Type|Description| +|--- |--- |--- | +|productId|string|Required. Product identifier for an application that is used by the Store for Business.| +|skuId|string|Required. Product identifier that specifies a specific SKU of an application.| +|username|string|Requires UserPrincipalName (UPN). User name of the target user account.| ## Response @@ -81,58 +40,9 @@ The following parameters may be specified in the request URI. The response body contains [SeatDetails](data-structures-windows-store-for-business.md#seatdetails). - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Error codeDescriptionRetryData fieldDetails

    400

    Invalid parameters

    No

    Parameter name

    -

    Reason: Invalid parameter

    -

    Details: String

    Invalid can include productId, skuId or userName

    404

    Not found

    Item type: Inventory, User, Seat

    -

    Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName

    ItemType: Inventory User Seat

    -

    Values: ProductId/SkuId UserName ProductId/SkuId/UserName

    409

    Conflict

    Reason: Not online

    - -  - -  - - - - - +|Error code|Description|Retry|Data field|Details| +|--- |--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name
    Reason: Invalid parameter
    Details: String|Invalid can include productId, skuId or userName| +|404|Not found||Item type: Inventory, User, Seat

    Values: ProductId/SkuId, UserName, ProductId/SkuId/UserName|ItemType: Inventory User Seat

    Values: ProductId/SkuId UserName ProductId/SkuId/UserName| +|409|Conflict||Reason: Not online|| diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index c0db9e8151..1ac0f3ab4d 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -187,40 +187,14 @@ The following image show how MDM applications show up in the Azure app gallery. The following table shows the required information to create an entry in the Azure AD app gallery. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ItemDescription

    Application ID

    The client ID of your MDM app that is configured within your tenant. This ID is the unique identifier for your multi-tenant app.

    Publisher

    A string that identifies the publisher of the app.

    Application URL

    A URL to the landing page of your app where your administrators can get more information about the MDM app and contains a link to the landing page of your app. This URL isn't used for the actual enrollment.

    Description

    A brief description of your MDM app, which must be under 255 characters.

    Icons

    A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215

    +|Item|Description| +|--- |--- | +|**Application ID**|The client ID of your MDM app that is configured within your tenant. This ID is the unique identifier for your multi-tenant app.| +|**Publisher**|A string that identifies the publisher of the app.| +|**Application URL**|A URL to the landing page of your app where your administrators can get more information about the MDM app and contains a link to the landing page of your app. This URL isn't used for the actual enrollment.| +|**Description**|A brief description of your MDM app, which must be under 255 characters.| +|**Icons**|A set of logo icons for the MDM app. Dimensions: 45 X 45, 150 X 122, 214 X 215| + ### Add on-premises MDM to the app gallery @@ -250,42 +224,10 @@ The CSS files provided by Microsoft contain version information and we recommend An MDM page must adhere to a predefined theme depending on the scenario that is displayed. For example, if the CXH-HOSTHTTP header is FRX, which is the OOBE scenario, then the page must support a dark theme with blue background color, which uses WinJS file Ui-dark.css ver 4.0 and oobe-desktop.css ver 1.0.4. - ------- - - - - - - - - - - - - - - - - - - - - - - - - - -
    CXH-HOST (HTTP HEADER)ScenarioBackground ThemeWinJSScenario CSS
    FRXOOBEDark theme + blue background colorFilename: Ui-dark.cssFilename: oobe-dekstop.css
    MOSETSettings/ -

    Post OOBE

    Light themeFilename: Ui-light.cssFilename: settings-desktop.css
    - +|CXH-HOST (HTTP HEADER)|Scenario|Background Theme|WinJS|Scenario CSS| +|--- |--- |--- |--- |--- | +|FRX|OOBE|Dark theme + blue background color|Filename: Ui-dark.css|Filename: oobe-dekstop.css| +|MOSET|Settings/Post OOBE|Light theme|Filename: Ui-light.css|Filename: settings-desktop.css| ## Terms of Use protocol semantics @@ -297,36 +239,12 @@ This redirect is a full page redirect to the Terms of User endpoint hosted by th The following parameters are passed in the query string: - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    ItemDescription

    redirect_uri

    After the user accepts or rejects the Terms of Use, the user is redirected to this URL.

    client-request-id

    A GUID that is used to correlate logs for diagnostic and debugging purposes. Use this parameter to log or trace the state of the enrollment request to help find the root cause of failures.

    api-version

    Specifies the version of the protocol requested by the client. This value provides a mechanism to support version revisions of the protocol.

    mode

    Specifies that the device is organization owned when mode=azureadjoin. This parameter isn't present for BYOD devices.

    +|Item|Description| +|--- |--- | +|redirect_uri|After the user accepts or rejects the Terms of Use, the user is redirected to this URL.| +|client-request-id|A GUID that is used to correlate logs for diagnostic and debugging purposes. Use this parameter to log or trace the state of the enrollment request to help find the root cause of failures.| +|api-version|Specifies the version of the protocol requested by the client. This value provides a mechanism to support version revisions of the protocol.| +|mode|Specifies that the device is organization owned when mode=azureadjoin. This parameter isn't present for BYOD devices.| ### Access token @@ -337,37 +255,13 @@ Azure AD issues a bearer access token. The token is passed in the authorization The following claims are expected in the access token passed by Windows to the Terms of Use endpoint: - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    ItemDescription

    Object ID

    Identifier of the user object corresponding to the authenticated user.

    UPN

    A claim containing the user principal name (UPN) of the authenticated user.

    TID

    A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.

    Resource

    A sanitized URL representing the MDM application. Example, https://fabrikam.contosomdm.com.

    -
    +|Item|Description| +|--- |--- | +|Object ID|Identifier of the user object corresponding to the authenticated user.| +|UPN|A claim containing the user principal name (UPN) of the authenticated user.| +|TID|A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.| +|Resource|A sanitized URL representing the MDM application. Example,
    [https://fabrikam.contosomdm.com](https://fabrikam.contosomdm.com).| + > [!NOTE] > There's no device ID claim in the access token because the device may not yet be enrolled at this time. @@ -428,184 +322,35 @@ Location: ms-appx-web://App1/ToUResponse?error=access_denied&error_description=A The following table shows the error codes. - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    CauseHTTP statusErrorDescription

    api-version

    302

    invalid_request

    unsupported version

    Tenant or user data are missing or other required prerequisites for device enrollment are not met

    302

    unauthorized_client

    unauthorized user or tenant

    Azure AD token validation failed

    302

    unauthorized_client

    unauthorized_client

    internal service error

    302

    server_error

    internal service error

    +|Cause|HTTP status|Error|Description| +|--- |--- |--- |--- | +|api-version|302|invalid_request|unsupported version| +|Tenant or user data are missing or other required prerequisites for device enrollment are not met|302|unauthorized_client|unauthorized user or tenant| +|Azure AD token validation failed|302|unauthorized_client|unauthorized_client| +|internal service error|302|server_error|internal service error| ## Enrollment protocol with Azure AD With Azure integrated MDM enrollment, there's no discovery phase and the discovery URL is directly passed down to the system from Azure. The following table shows the comparison between the traditional and Azure enrollments. - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    DetailTraditional MDM enrollmentAzure AD Join (organization-owned device)Azure AD adds a work account (user-owned device)

    MDM auto-discovery using email address to retrieve MDM discovery URL

    Enrollment

    Not applicable

    -

    Discovery URL provisioned in Azure

    Uses MDM discovery URL

    Enrollment

    -

    Enrollment renewal

    -

    ROBO

    Enrollment

    -

    Enrollment renewal

    -

    ROBO

    Enrollment

    -

    Enrollment renewal

    -

    ROBO

    Is MDM enrollment required?

    Yes

    Yes

    No

    -

    User can decline.

    Authentication type

    OnPremise

    -

    Federated

    -

    Certificate

    Federated

    Federated

    EnrollmentPolicyServiceURL

    Optional (all auth)

    Optional (all auth)

    -

    Optional (all auth)

    -

    EnrollmentServiceURL

    Required (all auth)

    Used (all auth)

    Used (all auth)

    EnrollmentServiceURL includes OS Version, OS Platform, and other attributes provided by MDM discovery URL

    Highly recommended

    Highly recommended

    Highly recommended

    AuthenticationServiceURL used

    Used (Federated auth)

    Skipped

    Skipped

    BinarySecurityToken

    Custom per MDM

    Azure AD issued token

    Azure AD issued token

    EnrollmentType

    Full

    Device

    Full

    Enrolled certificate type

    User certificate

    Device certificate

    User certificate

    Enrolled certificate store

    My/User

    My/System

    My/User

    CSR subject name

    User Principal Name

    Device ID

    User Principal Name

    EnrollmentData Terms of Use binary blob as AdditionalContext for EnrollmentServiceURL

    Not supported

    Supported

    Supported

    CSPs accessible during enrollment

    Windows 10 support:

    -
      -
    • DMClient
    • -
    • CertificateStore
    • -
    • RootCATrustedCertificates
    • -
    • ClientCertificateInstall
    • -
    • EnterpriseModernAppManagement
    • -
    • PassportForWork
    • -
    • Policy
    • -
    • w7 APPLICATION
    • -
    -
    - - +|Detail|Traditional MDM enrollment|Azure AD Join (organization-owned device)|Azure AD adds a work account (user-owned device)| +|--- |--- |--- |--- | +|MDM auto-discovery using email address to retrieve MDM discovery URL|Enrollment|Not applicable
    Discovery URL provisioned in Azure|| +|Uses MDM discovery URL|Enrollment
    Enrollment renewal
    ROBO|Enrollment
    Enrollment renewal
    ROBO|Enrollment
    Enrollment renewal
    ROBO| +|Is MDM enrollment required?|Yes|Yes|No
    User can decline.| +|Authentication type|OnPremise
    Federated
    Certificate|Federated|Federated| +|EnrollmentPolicyServiceURL|Optional (all auth)|Optional (all auth)|Optional (all auth)| +|EnrollmentServiceURL|Required (all auth)|Used (all auth)|Used (all auth)| +|EnrollmentServiceURL includes OS Version, OS Platform, and other attributes provided by MDM discovery URL|Highly recommended|Highly recommended|Highly recommended| +|AuthenticationServiceURL used|Used (Federated auth)|Skipped|Skipped| +|BinarySecurityToken|Custom per MDM|Azure AD issued token|Azure AD issued token| +|EnrollmentType|Full|Device|Full| +|Enrolled certificate type|User certificate|Device certificate|User certificate| +|Enrolled certificate store|My/User|My/System|My/User| +|CSR subject name|User Principal Name|Device ID|User Principal Name| +|EnrollmentData Terms of Use binary blob as AdditionalContext for EnrollmentServiceURL|Not supported|Supported|Supported| +|CSPs accessible during enrollment|Windows 10 support:
  • DMClient
  • CertificateStore
  • RootCATrustedCertificates
  • ClientCertificateInstall
  • EnterpriseModernAppManagement
  • PassportForWork
  • Policy
  • w7 APPLICATION||| ## Management protocol with Azure AD @@ -737,202 +482,41 @@ When a user is enrolled into MDM through Azure Active Directory Join and then di ## Error codes - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    CodeIDError message
    0x80180001"idErrorServerConnectivity", // MENROLL_E_DEVICE_MESSAGE_FORMAT_ERROR

    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}

    0x80180002"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_AUTHENTICATION_ERROR

    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.

    0x80180003"idErrorAuthorizationFailure", // MENROLL_E_DEVICE_AUTHORIZATION_ERROR

    This user isn't authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.

    0x80180004"idErrorMDMCertificateError", // MENROLL_E_DEVICE_CERTIFCATEREQUEST_ERROR

    There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.

    0x80180005"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR

    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}

    0x80180006"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR

    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}

    0x80180007"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_INVALIDSECURITY_ERROR

    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.

    0x80180008"idErrorServerConnectivity", // MENROLL_E_DEVICE_UNKNOWN_ERROR

    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}

    0x80180009"idErrorAlreadyInProgress", // MENROLL_E_ENROLLMENT_IN_PROGRESS

    Another enrollment is in progress. You can try to do this again or contact your system administrator with the error code {0}.

    0x8018000A"idErrorMDMAlreadyEnrolled", // MENROLL_E_DEVICE_ALREADY_ENROLLED

    This device is already enrolled. You can contact your system administrator with the error code {0}.

    0x8018000D"idErrorMDMCertificateError", // MENROLL_E_DISCOVERY_SEC_CERT_DATE_INVALID

    There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.

    0x8018000E"idErrorAuthenticationFailure", // MENROLL_E_PASSWORD_NEEDED

    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.

    0x8018000F"idErrorAuthenticationFailure", // MENROLL_E_WAB_ERROR

    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.

    0x80180010"idErrorServerConnectivity", // MENROLL_E_CONNECTIVITY

    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}

    0x80180012"idErrorMDMCertificateError", // MENROLL_E_INVALIDSSLCERT

    There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.

    0x80180013"idErrorDeviceLimit", // MENROLL_E_DEVICECAPREACHED

    Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.

    0x80180014"idErrorMDMNotSupported", // MENROLL_E_DEVICENOTSUPPORTED

    This feature isn't supported. Contact your system administrator with the error code {0}.

    0x80180015"idErrorMDMNotSupported", // MENROLL_E_NOTSUPPORTED

    This feature isn't supported. Contact your system administrator with the error code {0}.

    0x80180016"idErrorMDMRenewalRejected", // MENROLL_E_NOTELIGIBLETORENEW

    The server did not accept the request. You can try to do this again or contact your system administrator with the error code {0}.

    0x80180017"idErrorMDMAccountMaintenance", // MENROLL_E_INMAINTENANCE

    The service is in maintenance. You can try to do this again later or contact your system administrator with the error code {0}.

    0x80180018"idErrorMDMLicenseError", // MENROLL_E_USERLICENSE

    There was an error with your license. You can try to do this again or contact your system administrator with the error code {0}.

    0x80180019"idErrorInvalidServerConfig", // MENROLL_E_ENROLLMENTDATAINVALID

    Looks like the server isn't correctly configured. You can try to do this again or contact your system administrator with the error code {0}.

    "rejectedTermsOfUse""idErrorRejectedTermsOfUse"

    Your organization requires that you agree to the Terms of Use. Please try again or ask your support person for more information.

    0x801c0001"idErrorServerConnectivity", // DSREG_E_DEVICE_MESSAGE_FORMAT_ERROR

    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}

    0x801c0002"idErrorAuthenticationFailure", // DSREG_E_DEVICE_AUTHENTICATION_ERROR

    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.

    0x801c0003"idErrorAuthorizationFailure", // DSREG_E_DEVICE_AUTHORIZATION_ERROR

    This user isn't authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.

    0x801c0006"idErrorServerConnectivity", // DSREG_E_DEVICE_INTERNALSERVICE_ERROR

    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}

    0x801c000B"idErrorUntrustedServer", // DSREG_E_DISCOVERY_REDIRECTION_NOT_TRUSTEDThe server being contacted isn't trusted. Contact your system administrator with the error code {0}.
    0x801c000C"idErrorServerConnectivity", // DSREG_E_DISCOVERY_FAILED

    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}

    0x801c000E"idErrorDeviceLimit", // DSREG_E_DEVICE_REGISTRATION_QUOTA_EXCCEEDED

    Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.

    0x801c000F"idErrorDeviceRequiresReboot", // DSREG_E_DEVICE_REQUIRES_REBOOT

    A reboot is required to complete device registration.

    0x801c0010"idErrorInvalidCertificate", // DSREG_E_DEVICE_AIK_VALIDATION_ERROR

    Looks like you have an invalid certificate. Contact your system administrator with the error code {0}.

    0x801c0011"idErrorAuthenticationFailure", // DSREG_E_DEVICE_ATTESTATION_ERROR

    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.

    0x801c0012"idErrorServerConnectivity", // DSREG_E_DISCOVERY_BAD_MESSAGE_ERROR

    There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}

    0x801c0013"idErrorAuthenticationFailure", // DSREG_E_TENANTID_NOT_FOUND

    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.

    0x801c0014"idErrorAuthenticationFailure", // DSREG_E_USERSID_NOT_FOUND

    There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.

    - - - +|Code|ID|Error message| +|--- |--- |--- | +|0x80180001|"idErrorServerConnectivity", // MENROLL_E_DEVICE_MESSAGE_FORMAT_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}| +|0x80180002|"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_AUTHENTICATION_ERROR|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.| +|0x80180003|"idErrorAuthorizationFailure", // MENROLL_E_DEVICE_AUTHORIZATION_ERROR|This user isn't authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.| +|0x80180004|"idErrorMDMCertificateError", // MENROLL_E_DEVICE_CERTIFCATEREQUEST_ERROR|There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.| +|0x80180005|"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}| +|0x80180006|"idErrorServerConnectivity", // MENROLL_E_DEVICE_CONFIGMGRSERVER_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}| +|0x80180007|"idErrorAuthenticationFailure", // MENROLL_E_DEVICE_INVALIDSECURITY_ERROR|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.| +|0x80180008|"idErrorServerConnectivity", // MENROLL_E_DEVICE_UNKNOWN_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}| +|0x80180009|"idErrorAlreadyInProgress", // MENROLL_E_ENROLLMENT_IN_PROGRESS|Another enrollment is in progress. 
You can try to do this again or contact your system administrator with the error code {0}.| +|0x8018000A|"idErrorMDMAlreadyEnrolled", // MENROLL_E_DEVICE_ALREADY_ENROLLED|This device is already enrolled. You can contact your system administrator with the error code {0}.| +|0x8018000D|"idErrorMDMCertificateError", // MENROLL_E_DISCOVERY_SEC_CERT_DATE_INVALID|There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.| +|0x8018000E|"idErrorAuthenticationFailure", // MENROLL_E_PASSWORD_NEEDED|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.| +|0x8018000F|"idErrorAuthenticationFailure", // MENROLL_E_WAB_ERROR|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.| +|0x80180010|"idErrorServerConnectivity", // MENROLL_E_CONNECTIVITY|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}| +|0x80180012|"idErrorMDMCertificateError", // MENROLL_E_INVALIDSSLCERT|There was a certificate error. You can try to do this again or contact your system administrator with the error code {0}.| +|0x80180013|"idErrorDeviceLimit", // MENROLL_E_DEVICECAPREACHED|Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.| +|0x80180014|"idErrorMDMNotSupported", // MENROLL_E_DEVICENOTSUPPORTED|This feature isn't supported. Contact your system administrator with the error code {0}.| +|0x80180015|"idErrorMDMNotSupported", // MENROLL_E_NOTSUPPORTED|This feature isn't supported. Contact your system administrator with the error code {0}.| +|0x80180016|"idErrorMDMRenewalRejected", // MENROLL_E_NOTELIGIBLETORENEW|The server did not accept the request. 
You can try to do this again or contact your system administrator with the error code {0}.| +|0x80180017|"idErrorMDMAccountMaintenance", // MENROLL_E_INMAINTENANCE|The service is in maintenance. You can try to do this again later or contact your system administrator with the error code {0}.| +|0x80180018|"idErrorMDMLicenseError", // MENROLL_E_USERLICENSE|There was an error with your license. You can try to do this again or contact your system administrator with the error code {0}.| +|0x80180019|"idErrorInvalidServerConfig", // MENROLL_E_ENROLLMENTDATAINVALID|Looks like the server isn't correctly configured. You can try to do this again or contact your system administrator with the error code {0}.| +|"rejectedTermsOfUse"|"idErrorRejectedTermsOfUse"|Your organization requires that you agree to the Terms of Use. Please try again or ask your support person for more information.| +|0x801c0001|"idErrorServerConnectivity", // DSREG_E_DEVICE_MESSAGE_FORMAT_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}| +|0x801c0002|"idErrorAuthenticationFailure", // DSREG_E_DEVICE_AUTHENTICATION_ERROR|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.| +|0x801c0003|"idErrorAuthorizationFailure", // DSREG_E_DEVICE_AUTHORIZATION_ERROR|This user isn't authorized to enroll. You can try to do this again or contact your system administrator with the error code {0}.| +|0x801c0006|"idErrorServerConnectivity", // DSREG_E_DEVICE_INTERNALSERVICE_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}| +|0x801c000B|"idErrorUntrustedServer", // DSREG_E_DISCOVERY_REDIRECTION_NOT_TRUSTED|The server being contacted isn't trusted. 
Contact your system administrator with the error code {0}.| +|0x801c000C|"idErrorServerConnectivity", // DSREG_E_DISCOVERY_FAILED|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}| +|0x801c000E|"idErrorDeviceLimit", // DSREG_E_DEVICE_REGISTRATION_QUOTA_EXCCEEDED|Looks like there are too many devices or users for this account. Contact your system administrator with the error code {0}.| +|0x801c000F|"idErrorDeviceRequiresReboot", // DSREG_E_DEVICE_REQUIRES_REBOOT|A reboot is required to complete device registration.| +|0x801c0010|"idErrorInvalidCertificate", // DSREG_E_DEVICE_AIK_VALIDATION_ERROR|Looks like you have an invalid certificate. Contact your system administrator with the error code {0}.| +|0x801c0011|"idErrorAuthenticationFailure", // DSREG_E_DEVICE_ATTESTATION_ERROR|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.| +|0x801c0012|"idErrorServerConnectivity", // DSREG_E_DISCOVERY_BAD_MESSAGE_ERROR|There was an error communicating with the server. You can try to do this again or contact your system administrator with the error code {0}| +|0x801c0013|"idErrorAuthenticationFailure", // DSREG_E_TENANTID_NOT_FOUND|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.| +|0x801c0014|"idErrorAuthenticationFailure", // DSREG_E_USERSID_NOT_FOUND|There was a problem authenticating your account or device. You can try to do this again or contact your system administrator with the error code {0}.| diff --git a/windows/client-management/mdm/browserfavorite-csp.md b/windows/client-management/mdm/browserfavorite-csp.md index bf703c3671..b801864fd5 100644 --- a/windows/client-management/mdm/browserfavorite-csp.md +++ b/windows/client-management/mdm/browserfavorite-csp.md 
@@ -69,40 +69,12 @@ Adding a new browser favorite. The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    ElementsAvailable

    Parm-query

    Yes

    Noparm

    Yes

    Nocharacteristic

    Yes

    Characteristic-query

    Yes

    -

    Recursive query: Yes

    -

    Top-level query: Yes

    - - +|Elements|Available| +|--- |--- | +|Parm-query|Yes| +|Noparm|Yes| +|Nocharacteristic|Yes| +|Characteristic-query|Yes

    Recursive query: Yes

    Top-level query: Yes| ## Related topics diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md index 03804b98b6..9f78620319 100644 --- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md +++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md @@ -18,66 +18,22 @@ The **Bulk assign and reclaim seats from users** operation returns reclaimed or ## Request - ---- - - - - - - - - - - - - -
    MethodRequest URI

    POST

    https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats

    +**POST**: +```http +https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats +``` ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDescription

    productId

    string

    Required. Product identifier for an application that is used by the Store for Business.

    skuId

    string

    Required. Product identifier that specifies a specific SKU of an application.

    username

    string

    Requires UserPrincipalName (UPN). User name of the target user account.

    seatAction

    SeatAction

    +|Parameter|Type|Description| +|--- |--- |--- | +|productId|string|Required. Product identifier for an application that is used by the Store for Business.| +|skuId|string|Required. Product identifier that specifies a specific SKU of an application.| +|username|string|Requires UserPrincipalName (UPN). User name of the target user account.| +|seatAction|SeatAction|| ## Response @@ -86,37 +42,8 @@ The following parameters may be specified in the request URI. The response body contains [BulkSeatOperationResultSet](data-structures-windows-store-for-business.md#bulkseatoperationresultset). - ------ - - - - - - - - - - - - - - - - -
    Error codeDescriptionRetryData field

    404

    Not found

    Item type: Inventory

    -

    Values: ProductId/SkuId

    - - - - - - - - +|Error code|Description|Retry|Data field| +|--- |--- |--- |--- | +|404|Not found||Item type: Inventory
    Values: ProductId/SkuId| + \ No newline at end of file diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md index 38f858db4d..74af96a45d 100644 --- a/windows/client-management/mdm/cellularsettings-csp.md +++ b/windows/client-management/mdm/cellularsettings-csp.md @@ -30,32 +30,11 @@ CellularSettings **DataRoam**

    Optional. Integer. Specifies the default roaming value. Valid values are:

    -
    ---- - - - - - - - - - - - - - - - - - - - - -
    ValueSetting

    0

    Don’t roam

    1

    Don’t roam (or Domestic roaming if applicable)

    2

    Roam

    +|Value|Setting| +|--- |--- | +|0|Don’t roam| +|1|Don’t roam (or Domestic roaming if applicable)| +|2|Roam| ## Related topics diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index 37fa305bce..c8c467fcc9 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -70,38 +70,14 @@ CM_CellularEntries **ConnectionType**

    Optional. Type: String. Specifies the type of connection used for the APN. The following connection types are available: -
    ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Gprs

    Default. Used for GPRS type connections (GPRS + GSM + EDGE + UMTS + LTE).

    Cdma

    Used for CDMA type connections (1XRTT + EVDO).

    Lte

    Used for LTE type connections (eHRPD + LTE) when the device is registered HOME.

    Legacy

    Used for GPRS + GSM + EDGE + UMTS connections.

    Lte_iwlan

    Used for GPRS type connections that may be offloaded over WiFi

    Iwlan

    Used for connections that are implemented over WiFi offload only

    +|Connection type|Usage| +|--- |--- | +|Gprs|Default. Used for GPRS type connections (GPRS + GSM + EDGE + UMTS + LTE).| +|Cdma|Used for CDMA type connections (1XRTT + EVDO).| +|Lte|Used for LTE type connections (eHRPD + LTE) when the device is registered HOME.| +|Legacy|Used for GPRS + GSM + EDGE + UMTS connections.| +|Lte_iwlan|Used for GPRS type connections that may be offloaded over WiFi| +|Iwlan|Used for connections that are implemented over WiFi offload only| @@ -295,37 +271,14 @@ Configuring a CDMA connection: ## Microsoft Custom Elements - The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning. - ---- - - - - - - - - - - - - - - - - - - - - -
    ElementAvailable

    Nocharacteristic

    Yes

    Characteristic-query

    Yes

    Parm-query

    Yes

    +|Element|Available| +|--- |--- | +|Nocharacteristic|Yes| +|Characteristic-query|Yes| +|Parm-query|Yes| - ## Related topics diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md index 1cac56d2f6..b3e95aae57 100644 --- a/windows/client-management/mdm/cmpolicy-csp.md +++ b/windows/client-management/mdm/cmpolicy-csp.md @@ -83,154 +83,44 @@ For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you hav For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. The curly brackets {} around the GUID are required. The following connection types are available: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Connection typeGUID

    GSM

    {A05DC613-E393-40ad-AA89-CCCE04277CD9}

    CDMA

    {274AD55A-4A70-4E35-93B3-AE2D2E6727FC}

    Legacy 3GPP

    {6DE4C04B-B74E-47FA-99E5-8F2097C06A92}

    LTE

    {2378E547-8312-46A5-905E-5C581E92693B}

    Wi-Fi

    {8568B401-858E-4B7B-B3DF-0FD4927F131B}

    Wi-Fi hotspot

    {072FC7DC-1D93-40D1-9BB0-2114D7D73434}

    +|Connection type|GUID| +|--- |--- | +|GSM|{A05DC613-E393-40ad-AA89-CCCE04277CD9}| +|CDMA|{274AD55A-4A70-4E35-93B3-AE2D2E6727FC}| +|Legacy 3GPP|{6DE4C04B-B74E-47FA-99E5-8F2097C06A92}| +|LTE|{2378E547-8312-46A5-905E-5C581E92693B}| +|Wi-Fi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}| +|Wi-Fi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}| - For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Network typeGUID

    GPRS

    {AFB7D659-FC1F-4EA5-BDD0-0FDA62676D96}

    1XRTT

    {B1E700AE-A62F-49FF-9BBE-B880C995F27D}

    EDGE

    {C347F8EC-7095-423D-B838-7C7A7F38CD03}

    WCDMA UMTS

    {A72F04C6-9BE6-4151-B5EF-15A53E12C482}

    WCDMA FOMA

    {B8326098-F845-42F3-804E-8CC3FF7B50B4}

    1XEVDO

    {DD42DF39-EBDF-407C-8146-1685416401B2}

    1XEVDV

    {61BF1BFD-5218-4CD4-949C-241CA3F326F6}

    HSPA HSDPA

    {047F7282-BABD-4893-AA77-B8B312657F8C}

    HSPA HSUPA

    {1536A1C6-A4AF-423C-8884-6BDDA3656F84}

    LTE

    {B41CBF43-6994-46FF-9C2F-D6CA6D45889B}

    EHRPD

    {7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA}

    Ethernet 10 Mbps

    {97D3D1B3-854A-4C32-BD1C-C13069078370}

    Ethernet 100 Mbps

    {A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}

    Ethernet Gbps

    {556C1E6B-B8D4-448E-836D-9451BA4CCE75}

    - +|Network type|GUID| +|--- |--- | +|GPRS|{AFB7D659-FC1F-4EA5-BDD0-0FDA62676D96}| +|1XRTT|{B1E700AE-A62F-49FF-9BBE-B880C995F27D}| +|EDGE|{C347F8EC-7095-423D-B838-7C7A7F38CD03}| +|WCDMA UMTS|{A72F04C6-9BE6-4151-B5EF-15A53E12C482}| +|WCDMA FOMA|{B8326098-F845-42F3-804E-8CC3FF7B50B4}| +|1XEVDO|{DD42DF39-EBDF-407C-8146-1685416401B2}| +|1XEVDV|{61BF1BFD-5218-4CD4-949C-241CA3F326F6}| +|HSPA HSDPA|{047F7282-BABD-4893-AA77-B8B312657F8C}| +|HSPA HSUPA|{1536A1C6-A4AF-423C-8884-6BDDA3656F84}| +|LTE|{B41CBF43-6994-46FF-9C2F-D6CA6D45889B}| +|EHRPD|{7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA}| +|Ethernet 10 Mbps|{97D3D1B3-854A-4C32-BD1C-C13069078370}| +|Ethernet 100 Mbps|{A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}| +|Ethernet Gbps|{556C1E6B-B8D4-448E-836D-9451BA4CCE75}| For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. The curly brackets {} around the GUID are required. The following device types are available: - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    Device typeGUID

    Cellular device

    {F9A53167-4016-4198-9B41-86D9522DC019}

    Ethernet

    {97844272-00C7-4572-B20A-D8D861C095F2}

    Bluetooth

    {1D793123-701A-4fd0-B6AE-9C3C57E99C2C}

    Virtual

    {EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}

    +|Device type|GUID| +|--- |--- | +|Cellular device|{F9A53167-4016-4198-9B41-86D9522DC019}| +|Ethernet|{97844272-00C7-4572-B20A-D8D861C095F2}| +|Bluetooth|{1D793123-701A-4fd0-B6AE-9C3C57E99C2C}| +|Virtual|{EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}| @@ -479,36 +369,11 @@ Adding a host-based mapping policy: ## Microsoft Custom Elements - ---- - - - - - - - - - - - - - - - - - - - - -
    ElementAvailable

    parm-query

    Yes

    uncharacteristic

    Yes

    characteristic-query

    Yes

    -

    Recursive query: Yes

    -

    Top-level query: Yes

    - - +|Element|Available| +|--- |--- | +|parm-query|Yes| +|uncharacteristic|Yes| +|characteristic-query|Yes

    Recursive query: Yes

    Top-level query: Yes| ## Related topics diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index 3a5cc913a6..979ca7d250 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -83,156 +83,44 @@ For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you hav For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. The curly brackets {} around the GUID are required. The following connection types are available: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Connection typeGUID

    GSM

    {A05DC613-E393-40ad-AA89-CCCE04277CD9}

    CDMA

    {274AD55A-4A70-4E35-93B3-AE2D2E6727FC}

    Legacy 3GPP

    {6DE4C04B-B74E-47FA-99E5-8F2097C06A92}

    LTE

    {2378E547-8312-46A5-905E-5C581E92693B}

    Wi-Fi

    {8568B401-858E-4B7B-B3DF-0FD4927F131B}

    Wi-Fi hotspot

    {072FC7DC-1D93-40D1-9BB0-2114D7D73434}

    +|Connection type|GUID| +|--- |--- | +|GSM|{A05DC613-E393-40ad-AA89-CCCE04277CD9}| +|CDMA|{274AD55A-4A70-4E35-93B3-AE2D2E6727FC}| +|Legacy 3GPP|{6DE4C04B-B74E-47FA-99E5-8F2097C06A92}| +|LTE|{2378E547-8312-46A5-905E-5C581E92693B}| +|Wi-Fi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}| +|Wi-Fi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}| For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Network typeGUID

    GPRS

    {AFB7D659-FC1F-4EA5-BDD0-0FDA62676D96}

    1XRTT

    {B1E700AE-A62F-49FF-9BBE-B880C995F27D}

    EDGE

    {C347F8EC-7095-423D-B838-7C7A7F38CD03}

    WCDMA UMTS

    {A72F04C6-9BE6-4151-B5EF-15A53E12C482}

    WCDMA FOMA

    {B8326098-F845-42F3-804E-8CC3FF7B50B4}

    1XEVDO

    {DD42DF39-EBDF-407C-8146-1685416401B2}

    1XEVDV

    {61BF1BFD-5218-4CD4-949C-241CA3F326F6}

    HSPA HSDPA

    {047F7282-BABD-4893-AA77-B8B312657F8C}

    HSPA HSUPA

    {1536A1C6-A4AF-423C-8884-6BDDA3656F84}

    LTE

    {B41CBF43-6994-46FF-9C2F-D6CA6D45889B}

    EHRPD

    {7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA}

    Ethernet 10Mbps

    {97D3D1B3-854A-4C32-BD1C-C13069078370}

    Ethernet 100Mbps

    {A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}

    Ethernet Gbps

    {556C1E6B-B8D4-448E-836D-9451BA4CCE75}

    - - +|Network type|GUID| +|--- |--- | +|GPRS|{AFB7D659-FC1F-4EA5-BDD0-0FDA62676D96}| +|1XRTT|{B1E700AE-A62F-49FF-9BBE-B880C995F27D}| +|EDGE|{C347F8EC-7095-423D-B838-7C7A7F38CD03}| +|WCDMA UMTS|{A72F04C6-9BE6-4151-B5EF-15A53E12C482}| +|WCDMA FOMA|{B8326098-F845-42F3-804E-8CC3FF7B50B4}| +|1XEVDO|{DD42DF39-EBDF-407C-8146-1685416401B2}| +|1XEVDV|{61BF1BFD-5218-4CD4-949C-241CA3F326F6}| +|HSPA HSDPA|{047F7282-BABD-4893-AA77-B8B312657F8C}| +|HSPA HSUPA|{1536A1C6-A4AF-423C-8884-6BDDA3656F84}| +|LTE|{B41CBF43-6994-46FF-9C2F-D6CA6D45889B}| +|EHRPD|{7CFA04A5-0F3F-445C-88A4-C86ED2AD94EA}| +|Ethernet 10Mbps|{97D3D1B3-854A-4C32-BD1C-C13069078370}| +|Ethernet 100Mbps|{A8F4FE66-8D04-43F5-9DD2-2A85BD21029B}| +|Ethernet Gbps|{556C1E6B-B8D4-448E-836D-9451BA4CCE75}| For `CMST_CONNECTION_DEVICE_TYPE`, specify the GUID for the desired device type. The curly brackets {} around the GUID are required. The following device types are available: - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    Device typeGUID

    Cellular device

    {F9A53167-4016-4198-9B41-86D9522DC019}

    Ethernet

    {97844272-00C7-4572-B20A-D8D861C095F2}

    Bluetooth

    {1D793123-701A-4fd0-B6AE-9C3C57E99C2C}

    Virtual

    {EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}

    - - +|Device type|GUID| +|--- |--- | +|Cellular device|{F9A53167-4016-4198-9B41-86D9522DC019}| +|Ethernet|{97844272-00C7-4572-B20A-D8D861C095F2}| +|Bluetooth|{1D793123-701A-4fd0-B6AE-9C3C57E99C2C}| +|Virtual|{EAA02CE5-9C70-4E87-97FE-55C9DEC847D4}| **Type** Specifies the type of connection being referenced. The following list describes the available connection types: @@ -479,36 +367,11 @@ Adding a host-based mapping policy: ## Microsoft Custom Elements - ---- - - - - - - - - - - - - - - - - - - - - -
    ElementAvailable

    parm-query

    Yes

    nocharacteristic

    Yes

    characteristic-query

    Yes

    -

    Recursive query: Yes

    -

    Top level query: Yes

    - - +|Element|Available| +|--- |--- | +|parm-query|Yes| +|nocharacteristic|Yes| +|characteristic-query|Yes

    Recursive query: Yes

    Top level query: Yes| ## Related topics diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 78158a6a3f..504e6ed823 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -33,24 +33,10 @@ Additional lists: [AccountManagement CSP](accountmanagement-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|No| @@ -59,24 +45,10 @@ Additional lists: [Accounts CSP](accounts-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -85,24 +57,10 @@ Additional lists: [ActiveSync CSP](activesync-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -111,24 +69,10 @@ Additional lists: [AllJoynManagement CSP](alljoynmanagement-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|No| @@ -137,24 +81,10 @@ Additional lists: [APPLICATION CSP](application-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -163,24 +93,10 @@ Additional lists: [ApplicationControl CSP](applicationcontrol-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    Yes6Yes6Yes6Yes6Yes6Yes6
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -189,24 +105,10 @@ Additional lists: [AppLocker CSP](applocker-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -215,24 +117,10 @@ Additional lists: [AssignedAccess CSP](assignedaccess-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes3YesYesYesNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -241,24 +129,10 @@ Additional lists: [BOOTSTRAP CSP](bootstrap-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -267,24 +141,10 @@ Additional lists: [BitLocker CSP](bitlocker-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes5Yes2Yes2Yes2Yes2
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -293,24 +153,10 @@ Additional lists: [BrowserFavorite CSP](browserfavorite-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|No| @@ -319,24 +165,10 @@ Additional lists: [CMPolicy CSP](cmpolicy-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    Yes3Yes3Yes3Yes3Yes3Yes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -345,25 +177,10 @@ Additional lists: [CMPolicyEnterprise CSP](cmpolicyenterprise-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes1
    +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -372,24 +189,10 @@ Additional lists: [CM_CellularEntries CSP](cm-cellularentries-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    Yes2Yes2Yes2Yes2Yes2Yes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -398,24 +201,10 @@ Additional lists: [CM_ProxyEntries CSP](cm-proxyentries-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    Yes3Yes3Yes3Yes3Yes3Yes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -424,24 +213,10 @@ Additional lists: [CellularSettings CSP](cellularsettings-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    Yes2Yes2Yes2Yes2Yes2Yes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -450,24 +225,10 @@ Additional lists: [CertificateStore CSP](certificatestore-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -476,24 +237,10 @@ Additional lists: [CleanPC CSP](cleanpc-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoYes2Yes2Yes2No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|Yes|Yes|Yes|No| @@ -502,24 +249,10 @@ Additional lists: [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -528,24 +261,10 @@ Additional lists: [CustomDeviceUI CSP](customdeviceui-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|No| @@ -554,24 +273,10 @@ Additional lists: [DMAcc CSP](dmacc-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -580,24 +285,10 @@ Additional lists: [DMClient CSP](dmclient-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -606,24 +297,10 @@ Additional lists: [Defender CSP](defender-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|No| @@ -632,24 +309,10 @@ Additional lists: [DevDetail CSP](devdetail-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -658,24 +321,10 @@ Additional lists: [DevInfo CSP](devinfo-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -684,24 +333,10 @@ Additional lists: [DeveloperSetup CSP](developersetup-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|No| @@ -710,24 +345,10 @@ Additional lists: [DeviceInstanceService CSP](deviceinstanceservice-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -736,24 +357,10 @@ Additional lists: [DeviceLock CSP](devicelock-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -762,24 +369,10 @@ Additional lists: [DeviceManageability CSP](devicemanageability-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -788,25 +381,10 @@ Additional lists: [DeviceStatus CSP](devicestatus-csp.md) - - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -815,24 +393,10 @@ Additional lists: [DiagnosticLog CSP](diagnosticlog-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -841,25 +405,10 @@ Additional lists: [DynamicManagement CSP](dynamicmanagement-csp.md) - - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoYes2Yes2Yes3
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes|Yes| @@ -868,24 +417,10 @@ Additional lists: [EMAIL2 CSP](email2-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -894,24 +429,10 @@ Additional lists: [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    Yes6Yes6Yes6Yes6Yes6No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|No| @@ -920,24 +441,10 @@ Additional lists: [EnterpriseAPN CSP](enterpriseapn-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    Yes2Yes2Yes2Yes2Yes2Yes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -946,24 +453,10 @@ Additional lists: [EnterpriseAppManagement CSP](enterpriseappmanagement-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -972,24 +465,10 @@ Additional lists: [EnterpriseAppVManagement CSP](enterpriseappvmanagement-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoYes2Yes2No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes|No| @@ -998,24 +477,10 @@ Additional lists: [EnterpriseAssignedAccess CSP](enterpriseassignedaccess-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -1024,25 +489,10 @@ Additional lists: [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    Yes -Only for mobile application management (MAM)YesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes
    [Only for mobile application management (MAM)](/windows/client-management/mdm/implement-server-side-mobile-application-management#integration-with-windows-information-protection)|Yes|Yes|Yes|Yes|Yes| @@ -1051,24 +501,10 @@ Additional lists: [EnterpriseDesktopAppManagement CSP](enterprisedesktopappmanagement-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -1077,24 +513,10 @@ Additional lists: [EnterpriseExt CSP](enterpriseext-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -1103,24 +525,10 @@ Additional lists: [EnterpriseExtFileSystem CSP](enterpriseextfilessystem-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -1129,24 +537,10 @@ Additional lists: [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1155,24 +549,10 @@ Additional lists: [eUICCs CSP](euiccs-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes3Yes3Yes3Yes3Yes3
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -1181,24 +561,10 @@ Additional lists: [FileSystem CSP](filesystem-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYesB
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -1207,24 +573,10 @@ Additional lists: [Firewall CSP](firewall-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes3Yes3Yes3Yes3No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -1233,24 +585,10 @@ Additional lists: [HealthAttestation CSP](healthattestation-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1259,24 +597,10 @@ Additional lists: [HotSpot CSP](hotspot-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -1285,26 +609,10 @@ Additional lists: [LanguagePackManagement CSP](language-pack-management-csp.md) - - - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobileMobile Enterprise
    YesYesNoYesYesNoNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile|Mobile Enterprise| +|--- |--- |--- |--- |--- |--- |--- | +|Yes|Yes|No|Yes|Yes|No|No| @@ -1312,24 +620,10 @@ Additional lists: [Maps CSP](maps-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -1338,24 +632,10 @@ Additional lists: [Messaging CSP](messaging-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes2
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -1364,24 +644,10 @@ Additional lists: [MultiSIM CSP](multisim-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1390,24 +656,10 @@ Additional lists: [NAP CSP](nap-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -1416,24 +668,10 @@ Additional lists: [NAPDEF CSP](napdef-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -1442,24 +680,10 @@ Additional lists: [NetworkProxy CSP](networkproxy-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes2Yes2Yes2Yes2Yes2
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -1468,24 +692,10 @@ Additional lists: [NetworkQoSPolicy CSP](networkqospolicy-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1494,24 +704,10 @@ Additional lists: [NodeCache CSP](nodecache-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1520,24 +716,10 @@ Additional lists: [Office CSP](office-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes2Yes2Yes2Yes2No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -1546,24 +728,10 @@ Additional lists: [PROXY CSP](proxy-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1572,24 +740,10 @@ Additional lists: [PXLOGICAL CSP](pxlogical-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -1598,24 +752,10 @@ Additional lists: [PassportForWork CSP](passportforwork-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1624,24 +764,10 @@ Additional lists: [Personalization CSP](personalization-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoYes2Yes2No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|Yes|Yes|No| @@ -1650,24 +776,10 @@ Additional lists: [Policy CSP](policy-configuration-service-provider.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1676,24 +788,10 @@ Additional lists: [PolicyManager CSP](policymanager-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -1702,24 +800,10 @@ Additional lists: [Provisioning CSP](provisioning-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesBYesBYesBYesBYesBYesB
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1728,24 +812,10 @@ Additional lists: [Reboot CSP](reboot-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -1754,24 +824,10 @@ Additional lists: [Registry CSP](registry-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -1780,24 +836,10 @@ Additional lists: [RemoteFind CSP](remotefind-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -1806,24 +848,10 @@ Additional lists: [RemoteLock](remotelock-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -1832,24 +860,10 @@ Additional lists: [RemoteRing CSP](remotering-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -1858,24 +872,10 @@ Additional lists: [RemoteWipe CSP](remotewipe-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1884,24 +884,10 @@ Additional lists: [Reporting CSP](reporting-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1910,24 +896,10 @@ Additional lists: [RootCATrustedCertificates CSP](rootcacertificates-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -1936,24 +908,10 @@ Additional lists: [SUPL CSP](supl-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -1962,24 +920,10 @@ Additional lists: [SecureAssessment CSP](secureassessment-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes1Yes1Yes1Yes1No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -1988,24 +932,10 @@ Additional lists: [SecurityPolicy CSP](securitypolicy-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -2014,24 +944,10 @@ Additional lists: [SharedPC CSP](sharedpc-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes1Yes1Yes1Yes1No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -2040,24 +956,10 @@ Additional lists: [Storage CSP](storage-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -2066,25 +968,10 @@ Additional lists: [SurfaceHub](surfacehub-csp.md) - - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +||||||| @@ -2093,24 +980,10 @@ Additional lists: [TenantLockdown CSP](tenantlockdown-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes5Yes5Yes5Yes5No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -2119,24 +992,10 @@ Additional lists: [TPMPolicy CSP](tpmpolicy-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -2145,24 +1004,10 @@ Additional lists: [UEFI CSP](uefi-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYesYesYesYesNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -2171,24 +1016,10 @@ Additional lists: [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoYesYesYesNo
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|Yes|Yes|Yes|No| @@ -2197,24 +1028,10 @@ Additional lists: [Update CSP](update-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -2223,24 +1040,10 @@ Additional lists: [VPN CSP](vpn-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -2249,24 +1052,10 @@ Additional lists: [VPNv2 CSP](vpnv2-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -2275,25 +1064,10 @@ Additional lists: [W4 APPLICATION CSP](w4-application-csp.md) - - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    Yes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +||||||Yes| @@ -2302,24 +1076,10 @@ Additional lists: [WiFi CSP](wifi-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -2328,24 +1088,10 @@ Additional lists: [Win32AppInventory CSP](win32appinventory-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes1Yes1Yes1Yes1No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -2354,24 +1100,10 @@ Additional lists: [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes5Yes5Yes5Yes5No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -2380,24 +1112,10 @@ Additional lists: [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes1Yes1Yes1Yes1No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -2406,24 +1124,10 @@ Additional lists: [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) - - - - - - - - - - - - - - - - > - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes3Yes3Yes3Yes3No
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|No| @@ -2433,24 +1137,10 @@ Additional lists: [WindowsLicensing CSP](windowslicensing-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    YesYesYesYesYesYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|Yes|Yes|Yes|Yes|Yes|Yes| @@ -2459,24 +1149,10 @@ Additional lists: [WindowsSecurityAuditing CSP](windowssecurityauditing-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoNoNoNoNoYes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|No|No|No|No|Yes| @@ -2485,24 +1161,10 @@ Additional lists: [WiredNetwork CSP](wirednetwork-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    NoYes5Yes5Yes5Yes5Yes5
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +|No|Yes|Yes|Yes|Yes|Yes| @@ -2511,24 +1173,10 @@ Additional lists: [w7 APPLICATION CSP](w7-application-csp.md) - - - - - - - - - - - - - - - - - -
    HomeProBusinessEnterpriseEducationMobile
    Yes
    + +|Home|Pro|Business|Enterprise|Education|Mobile| +|--- |--- |--- |--- |--- |--- | +||||||Yes| 
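Review bot: The converted edition tables drop the markers that followed `Yes` in the removed rows, for example ApplicationControl CSP (`Yes6` in every column), BitLocker CSP (`Yes5` for Pro, `Yes2` elsewhere) and Provisioning CSP (`YesB`), so the added rows no longer show which cells are qualified. If the page still has the footnote legend those markers pointed to, keep them in the Markdown cells (for instance `Yes<sup>6</sup>`); otherwise remove the legend in the same change. Separately, the added rows for SurfaceHub (`|||||||`) and for the W4 and w7 APPLICATION CSPs (`||||||Yes|`) carry over empty cells from the old tables; an explicit value, or a confirmation that blank is intended, would help readers.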
@@ -2555,32 +1203,32 @@ The following list shows the CSPs supported in HoloLens devices: | Configuration service provider | HoloLens (1st gen) Development Edition | HoloLens (1st gen) Commercial Suite | HoloLens 2 | |------|--------|--------|--------| -| [AccountManagement CSP](accountmanagement-csp.md) | No | Yes 4 | Yes +| [AccountManagement CSP](accountmanagement-csp.md) | No | Yes | Yes | [Accounts CSP](accounts-csp.md) | Yes | Yes | Yes | | [ApplicationControl CSP](applicationcontrol-csp.md) | No | No | Yes | | [AppLocker CSP](applocker-csp.md) | No | Yes | No | -| [AssignedAccess CSP](assignedaccess-csp.md) | No | Yes 4 | Yes | +| [AssignedAccess CSP](assignedaccess-csp.md) | No | Yes | Yes | | [CertificateStore CSP](certificatestore-csp.md) | Yes | Yes| Yes | | [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) | No | Yes | Yes | | [DevDetail CSP](devdetail-csp.md) | Yes | Yes | Yes | -| [DeveloperSetup CSP](developersetup-csp.md) | No | Yes 2 (runtime provisioning via provisioning packages only; no MDM support)| Yes | +| [DeveloperSetup CSP](developersetup-csp.md) | No | Yes (runtime provisioning via provisioning packages only; no MDM support)| Yes | | [DeviceManageability CSP](devicemanageability-csp.md) | No | No | Yes | | [DeviceStatus CSP](devicestatus-csp.md) | No | Yes | Yes | | [DevInfo CSP](devinfo-csp.md) | Yes | Yes | Yes | | [DiagnosticLog CSP](diagnosticlog-csp.md) | No | Yes | Yes | | [DMAcc CSP](dmacc-csp.md) | Yes | Yes | Yes | | [DMClient CSP](dmclient-csp.md) | Yes | Yes | Yes | -| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | No | No | Yes 10 | +| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | No | No | Yes | | [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | No | Yes | Yes | | [NetworkProxy CSP](networkproxy-csp.md) | No | No | Yes | -| [NetworkQoSPolicy CSP](networkqospolicy-csp.md) | No | No | Yes 8| +| [NetworkQoSPolicy CSP](networkqospolicy-csp.md) | No | 
No | Yes | | [NodeCache CSP](nodecache-csp.md) | Yes | Yes | Yes | [PassportForWork CSP](passportforwork-csp.md) | No | Yes | Yes | | [Policy CSP](policy-configuration-service-provider.md) | No | Yes | Yes | -| [RemoteFind CSP](remotefind-csp.md) | No | Yes 4 | Yes | -| [RemoteWipe CSP](remotewipe-csp.md) (**doWipe** and **doWipePersistProvisionedData** nodes only) | No | Yes 4 | Yes | +| [RemoteFind CSP](remotefind-csp.md) | No | Yes | Yes | +| [RemoteWipe CSP](remotewipe-csp.md) (**doWipe** and **doWipePersistProvisionedData** nodes only) | No | Yes | Yes | | [RootCATrustedCertificates CSP](rootcacertificates-csp.md) | No | Yes | Yes | -| [TenantLockdown CSP](tenantlockdown-csp.md) | No | No | Yes 10 | +| [TenantLockdown CSP](tenantlockdown-csp.md) | No | No | Yes | | [Update CSP](update-csp.md) | No | Yes | Yes | | [VPNv2 CSP](vpnv2-csp.md) | No | Yes | Yes | | [WiFi CSP](wifi-csp.md) | No | Yes | Yes | @@ -2589,7 +1237,7 @@ The following list shows the CSPs supported in HoloLens devices: ## CSPs supported in Microsoft Surface Hub -- [Accounts CSP](accounts-csp.md)9 +- [Accounts CSP](accounts-csp.md) > [!NOTE] > Support in Surface Hub is limited to **Domain\ComputerName**. - [AccountManagement CSP](accountmanagement-csp.md) 
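Review bot: In the HoloLens table hunk (`@@ -2555,32 +1203,32 @@`), the rewritten AccountManagement CSP row still ends in `| Yes` with no closing `|`, unlike the rows that follow it; add the trailing pipe while the line is being touched. That hunk also strips the numeric markers from its cells (`Yes 4`, `Yes 2`, `Yes 8`, `Yes 10`), and the hunk that follows strips the `9` after Accounts CSP in the Surface Hub list, so any legend those numbers referred to either has to go in the same change or the markers should be kept.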
@@ -2605,21 +1253,21 @@ The following list shows the CSPs supported in HoloLens devices: - [DMAcc CSP](dmacc-csp.md) - [DMClient CSP](dmclient-csp.md) - [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) -- [Firewall-CSP](firewall-csp.md)9 +- [Firewall-CSP](firewall-csp.md) - [HealthAttestation CSP](healthattestation-csp.md) - [NetworkQoSPolicy CSP](networkqospolicy-csp.md) - [NodeCache CSP](nodecache-csp.md) - [PassportForWork CSP](passportforwork-csp.md) - [Policy CSP](policy-configuration-service-provider.md) - [Reboot CSP](reboot-csp.md) -- [RemoteWipe CSP](remotewipe-csp.md)9 +- [RemoteWipe CSP](remotewipe-csp.md) - [Reporting CSP](reporting-csp.md) - [RootCATrustedCertificates CSP](rootcacertificates-csp.md) - [SurfaceHub CSP](surfacehub-csp.md) - [UEFI CSP](uefi-csp.md) -- [Wifi-CSP](wifi-csp.md)9 +- [Wifi-CSP](wifi-csp.md) - [WindowsAdvancedThreatProtection CSP](windowsadvancedthreatprotection-csp.md) -- [Wirednetwork-CSP](wirednetwork-csp.md)9 +- [Wirednetwork-CSP](wirednetwork-csp.md) ## CSPs supported in Windows 10 IoT Core From 5c6259d9f51f5870a7c0cd03a858efceff257fcd Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 10 Nov 2021 11:58:04 +0530 Subject: [PATCH 22/79] Fixed acrolinx and build issue --- .../app-v/appv-performance-guidance.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index 3b15cb36d4..0f85aca3ee 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md 
@@ -40,11 +40,11 @@ Some terms used in this document may have different meanings depending on extern Finally, this document will provide you with the information to configure the computer running App-V client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI). -To help determine what information is relevant to your environment you should review each section’s brief overview and applicability checklist. +To help determine what information is relevant to your environment, you should review each section’s brief overview and applicability checklist. ## App-V in stateful\* non-persistent deployments -This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. A number of conditions must be met and steps followed to provide the optimal user experience. +This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. Many conditions must be met and steps followed to provide the optimal user experience. Use the information in the following section for more information: 
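Review bot: In the "App-V in stateful non-persistent deployments" paragraph, replacing "A number of conditions" with "Many conditions" changes the claim from an unspecified count to a large one; "Several conditions" keeps the original meaning. The same changed line still contains "As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything", where the commas are misplaced, and that could be fixed in this pass. The unchanged context sentence beginning "Optimize your virtual application packages for performance using the sequencer, and to understand how to use" is also a fragment worth repairing while the paragraph is open.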
@@ -70,7 +70,7 @@ Use the information in the following section for more information: [Enhancing the VDI Experience through Performance Optimization/Tuning](#bkmk-evdi) -### Applicability Checklist +### Applicability Checklist |Checklist|Deployment Environment| |--- |--- | @@ -87,15 +87,15 @@ Use the information in the following section for more information: |--- |--- | |![Checklist box](images/checklistbox.gif)|Admin may need to update the VM base image regularly to ensure optimal performance or Admin may need to manage multiple images for different user groups.| -### Usage Scenarios +### Usage Scenarios As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both. |Optimized for Performance|Optimized for Storage| |--- |--- | -|To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.

    The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) later in this topic.|The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

    The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) section of this document.| +|To provide the most optimal user experience, this approach uses the capabilities of a UPM solution and requires extra image preparation and can incur some more image management overhead.

    The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) later in this topic.|The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

    The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) section of this document.| -### Preparing your Environment +### Preparing your Environment The following table displays the required steps to prepare the base image and the UE-V or another UPM solution for the approach. @@ -103,14 +103,14 @@ The following table displays the required steps to prepare the base image and th |Optimized for Performance|Optimized for Storage| |--- |--- | -|

  • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
  • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
  • Configure for Shared Content Store (SCS) mode. For more information see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
  • Configure Preserve User Integrations on Login Registry DWORD.
  • Pre-configure all user- and global-targeted packages for example, **Add-AppvClientPackage**.
  • Pre-configure all user- and global-targeted connection groups for example, **Add-AppvClientConnectionGroup**.
  • Pre-publish all global-targeted packages.
    Alternatively,
  • Perform a global publishing/refresh.
  • Perform a user publishing/refresh.
  • Un-publish all user-targeted packages.
  • Delete the following user-Virtual File System (VFS) entries
    AppData\Local\Microsoft\AppV\Client\VFS
    AppData\Roaming\Microsoft\AppV\Client\VFS|
  • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
  • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
  • Configure for Shared Content Store (SCS) mode. For more information see Deploying the
  • App-V Sequencer and Configuring the Client.
  • Configure Preserve User Integrations on Login Registry DWORD.
  • Pre-configure all global-targeted packages for example,** Add-AppvClientPackage**.
  • Pre-configure all global-targeted connection groups for example, **Add-AppvClientConnectionGroup**.
  • Pre-publish all global-targeted packages.| +|
  • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
  • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
  • Configure for Shared Content Store (SCS) mode. For more information, see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
  • Configure Preserve User Integrations on Login Registry DWORD.
  • Pre-configure all user- and global-targeted packages, for example, **Add-AppvClientPackage**.
  • Pre-configure all user- and global-targeted connection groups, for example, **Add-AppvClientConnectionGroup**.
  • Pre-publish all global-targeted packages.
    Alternatively,
  • Perform a global publishing/refresh.
  • Perform a user publishing/refresh.
  • Unpublish all user-targeted packages.
  • Delete the following user-Virtual File System (VFS) entries
    AppData\Local\Microsoft\AppV\Client\VFS
    AppData\Roaming\Microsoft\AppV\Client\VFS|
  • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
  • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
  • Configure for Shared Content Store (SCS) mode. For more information, see Deploying the
  • App-V Sequencer and Configuring the Client.
  • Configure Preserve User Integrations on Login Registry DWORD.
  • Pre-configure all global-targeted packages, for example,** Add-AppvClientPackage**.
  • Pre-configure all global-targeted connection groups, for example, **Add-AppvClientConnectionGroup**.
  • Pre-publish all global-targeted packages.| **Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information: |Configuration Setting|What does this do?|How should I use it?| |--- |--- |--- | -|Shared Content Store (SCS) Mode
  • Configurable in Windows PowerShell with Set-AppvClientConfiguration -SharedContentStoreMode 1
    or configurable with Group Policy, as described in [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).|When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).
    This helps to conserve local storage and minimize disk I/O per second (IOPS).|This is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.| -|PreserveUserIntegrationsOnLogin
  • Configure in the Registry under **HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Integration**.
  • Create the DWORD value **PreserveUserIntegrationsOnLogin** with a value of 1.
  • Restart the App-V client service or restart the computer running the App-V Client.|If you have not pre-configured (**Add-AppvClientPackage**) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then re-integrate*.
    For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.|If you don’t plan to pre-configure every available user package in the base image, use this setting.| +|Shared Content Store (SCS) Mode
  • Configurable in Windows PowerShell with Set-AppvClientConfiguration -SharedContentStoreMode 1
    Or configurable with Group Policy, as described in [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).|When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).
    This helps to conserve local storage and minimize disk I/O per second (IOPS).|This is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.| +|PreserveUserIntegrationsOnLogin
  • Configure in the Registry under **HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Integration**.
  • Create the DWORD value **PreserveUserIntegrationsOnLogin** with a value of 1.
  • Restart the App-V client service or restart the computer running the App-V Client.|If you have not pre-configured (**Add-AppvClientPackage**) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then reintegrate*.
    For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.|If you don’t plan to pre-configure every available user package in the base image, use this setting.| |MaxConcurrentPublishingRefresh
  • Configure in the Registry under **HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Publishing**.
  • Create the DWORD value **MaxConcurrentPublishingrefresh** with the desired maximum number of concurrent publishing refreshes.
  • The App-V client service and computer do not need to be restarted.|This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.|Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.
    If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time.| ### Configure UE-V solution for App-V Approach From 920c4d20e4509e9f0dae6b7c55ad7a632e24006d Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Wed, 10 Nov 2021 15:16:20 +0530 Subject: [PATCH 23/79] review changes done --- windows/configuration/wcd/wcd-policies.md | 118 +++++++++++----------- 1 file changed, 59 insertions(+), 59 deletions(-) diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index 5f2b24e7d5..0e11b80de9 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md 
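Review bot: In appv-performance-guidance.md, the @@ -103,14 hunk rewrites the "Optimized for Storage" cell but the added line keeps two defects. The link text is still split across two bullets and left unlinked ("see Deploying the" / "App-V Sequencer and Configuring the Client."), whereas the "Optimized for Performance" cell links the same title to appv-deploying-the-appv-sequencer-and-client.md. The bold is also malformed in "for example,** Add-AppvClientPackage**" (the space sits inside the opening markers). Suggest mirroring the left-hand cell for both. In the configuration table, the unchanged MaxConcurrentPublishingRefresh row names the DWORD "MaxConcurrentPublishingrefresh" with a lowercase "r"; confirm which spelling should be documented and use it in both places. The heading changes in the @@ -70,7 and @@ -87,15 hunks show no visible text difference, so the commit message could say they are whitespace fixes.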
@@ -321,13 +321,13 @@ These settings apply to the **Kiosk Browser** app available in Microsoft Store. | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | | -[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | ✔️ | | | | | -[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | | -[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✔️ | | | | -[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | | -[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | | -[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. 
| ✔️ | | | | +|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | | +|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | ✔️ | | | | +|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | | +|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✔️ | | | | +|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | | +|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | | +|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | ✔️ | | | | To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer: 
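Review bot: In the added RestartOnIdleTime row the description says the same thing twice ("Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state." and then "The value is an int 1-1440 that specifies the amount of minutes the session is idle until ..."); since this row is being rewritten anyway, reduce it to one sentence that gives the 1-1440 range and the empty default. The DefaultURL description "Configures the default URL kiosk browsers to navigate on launch and restart" is missing "to" after "navigate". As a style point, the new rows open with "|[" while the other tables visible in this patch use "| [" after the leading pipe.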
@@ -439,11 +439,11 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in | [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✔️ | | | | | [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✔️ | | | | | [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. | ✔️ | | | | -| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✔️ | | | | | +| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✔️ | | | | | [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✔️ | | | | -| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✔️ | | | | | +| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✔️ | | | | | [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✔️ | | | | -DisableContextMenus | Prevent context menus from being invoked in the Start menu. 
| ✔️ | | | | +| DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✔️ | | | | | [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✔️ | | | | | [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✔️ | | | | | [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✔️ | | | | 
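Review bot: The AllowPinnedFolder rows edited here link to policy-csp-start, while the context rows directly below (ForceStartSize, HideAppList, HideChangeAccountSettings) link to policy-configuration-service-provider#start-...; since the table is being cleaned up, point all Start rows at the same page. DisableContextMenus, which gains its leading pipe in this hunk, is the only row in view without a link; add one if a Policy CSP entry exists, otherwise leave it. The AllowPinnedFolderVideos context row has no space after the second pipe ("|Control the visibility").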
@@ -496,7 +496,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl | [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ | | | | | [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ | | | | | [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ | | | | -| AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | | | +| AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | | | [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | | [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. 
| ✔️ | | | | | [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | 
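Review bot: The row this hunk keeps spells the setting "AllowUserInputsFromMiracastRecevier"; please confirm that this matches the literal name shown in Windows Configuration Designer, and correct it to "Receiver" if it does not. In the context lines, the AllowLanguageFeaturesUninstall description "All language features to be uninstalled" reads like a typo for "Allow language features to be uninstalled", and the link text ExcludeJapaneseIMEExceptISO208 (and the "andEUDC" variant) does not match its anchor, which ends in "exceptjis0208". Both are worth fixing while this table is open.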
@@ -511,54 +511,54 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl ## Update -| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------:|:---------------:|:-----------:|:--------:| -| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | ✔️ | ✔️ | | ✔️ | -| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ | -| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ | -| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. 
| ✔️ | ✔️ | | ✔️ | -| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✔️ | ✔️ | | ✔️ | -| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✔️ | ✔️ | ✔️ | ✔️ | -| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ | -| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ | -| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✔️ | ✔️ | | ✔️ | -| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. 
| ✔️ | ✔️ | | ✔️ | -| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✔️ | ✔️ | ✔️ | ✔️ | -| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ | -| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ | -| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ | -| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ | -| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ | -| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. 
| ✔️ | ✔️ | | ✔️ | -| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ | -| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ | -| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windws Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ | -| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | ✔️ | ✔️ | | ✔️ | -| ManagePreviewBuilds | Use to enable or disable preview builds. 
| ✔️ | ✔️ | ✔️ | ✔️ | -| PhoneUpdateRestrictions | Deprecated | | ✔️ | | | -| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✔️ | | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. 
| ✔️ | ✔️ | | ✔️ | -| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✔️ | ✔️ | | ✔️ | -| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✔️ | ✔️ | | ✔️ | -| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✔️ | ✔️ | | ✔️ | -| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✔️ | ✔️ | | ✔️ | -| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✔️ | ✔️ | | ✔️ | -| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✔️ | ✔️ | | ✔️ | -| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | -| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. 
| ✔️ | ✔️ | ✔️ | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +|---------|-------------|:--------------:|:-----------:|:--------:|:--------:| +| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | ✔️ | ✔️ | | ✔️ | +| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ | +| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ | +| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. 
| ✔️ | ✔️ | | ✔️ | +| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✔️ | ✔️ | ✔️ | ✔️ | +| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ | +| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ | +| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✔️ | ✔️ | | ✔️ | +| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ | +| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. 
| ✔️ | ✔️ | | ✔️ | +| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ | +| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. 
| ✔️ | ✔️ | | ✔️ | +| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ | +| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ | +| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windws Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ | +| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | ✔️ | ✔️ | | ✔️ | +| ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ | +| PhoneUpdateRestrictions | Deprecated | | ✔️ | | | +| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. 
| ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✔️ | ✔️ | | ✔️ | +| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✔️ | ✔️ | | ✔️ | +| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✔️ | ✔️ | | ✔️ | +| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. 
| ✔️ | ✔️ | | ✔️ | +| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✔️ | ✔️ | | ✔️ | +| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✔️ | ✔️ | | ✔️ | +| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✔️ | ✔️ | | ✔️ | +| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | +| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | ## WiFi From 365ef466a447ee111056df4a7197a5d790075b27 Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Wed, 10 Nov 2021 15:24:54 +0530 Subject: [PATCH 24/79] review changes --- windows/configuration/wcd/wcd-kioskbrowser.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md index cbb31ac787..b8dc34d1e1 100644 --- a/windows/configuration/wcd/wcd-kioskbrowser.md +++ b/windows/configuration/wcd/wcd-kioskbrowser.md @@ -24,7 +24,7 @@ Use KioskBrowser settings to configure Internet sharing. | All settings | | | | ✔️ | >[!NOTE] ->To configure Kiosk Browser settings for desktop editions, go to [Policies > KioskBrowser](wcd-policies.md#kioskbrowser). +>To configure Kiosk Browser settings for Windows client, go to [Policies > KioskBrowser](wcd-policies.md#kioskbrowser). Kiosk Browser settings | Use this setting to --- | --- 
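Review bot: Several descriptions in the added Update settings rows carry typos that should be fixed before merge: the `ActiveHoursEnd` row says "update rboots" (reboots), the `ExcludeWUDriversInQualityUpdate` row says "Windws Update", and the `ScheduledInstallFirstWeek`, `ScheduledInstallSecondWeek`, `ScheduledInstallThirdWeek` and `ScheduledInstallFourthWeek` rows say "see the value as `1`" where the `ScheduledInstallEveryWeek` row says "set the value as `1`". The descriptions of `SetDisablePauseUXAccess` ("Disable access to scan Windows Update.") and `SetDisableUXWUAccess` ("Disable the **Pause updates** feature.") also look swapped relative to the setting names. They are carried over unchanged from the removed rows, so this rewrite is a good place to correct them, since an administrator reading the table could end up disabling the wrong control.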
From b24dfc02f71cc5cc5c49bbf820345a11c58d243b Mon Sep 17 00:00:00 2001 From: Meghana Athavale Date: Wed, 10 Nov 2021 15:33:10 +0530 Subject: [PATCH 25/79] review changes --- windows/configuration/wcd/wcd-start.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index bebe2a9e3d..f07294f5b3 100644 --- a/windows/configuration/wcd/wcd-start.md +++ b/windows/configuration/wcd/wcd-start.md @@ -24,7 +24,7 @@ Use Start settings to apply a customized Start screen to devices. | StartLayout | ✔️ | | | | >[!IMPORTANT] ->The StartLayout setting is available in the advanced provisioning for Windows 10 desktop editions, but shouldn't be used. For desktop editions, use [Policies > StartLayout](wcd-policies.md#start). +>The StartLayout setting is available in the advanced provisioning for Windows 10 Windows client, but shouldn't be used. For Windows client, use [Policies > StartLayout](wcd-policies.md#start). ## StartLayout From 5bdacc3ebf9a6ec23beea77aa239be95a629bfe5 Mon Sep 17 00:00:00 2001 
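Review bot: The replacement in the `[!IMPORTANT]` note of wcd-start.md leaves "advanced provisioning for Windows 10 Windows client", which reads as a doubled product name after the "desktop editions" substitution. Suggest "advanced provisioning for Windows client", which matches the second sentence of the same note ("For Windows client, use ...").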
From: Alekhya Jupudi Date: Wed, 10 Nov 2021 19:03:35 +0530 Subject: [PATCH 26/79] 5548201: HTMLTableConvertMD-Batch03 --- ...a-structures-windows-store-for-business.md | 1129 +++-------------- .../mdm/device-update-management.md | 131 +- windows/client-management/mdm/dmclient-csp.md | 299 +---- .../mdm/dmprocessconfigxmlfiltered.md | 83 +- .../mdm/enterpriseassignedaccess-csp.md | 907 +++---------- .../mdm/enterprisedataprotection-csp.md | 33 +- .../mdm/enterprisedesktopappmanagement-csp.md | 199 +-- .../client-management/mdm/get-inventory.md | 147 +-- .../mdm/get-localized-product-details.md | 98 +- .../mdm/get-offline-license.md | 105 +- .../mdm/get-product-details.md | 90 +- .../mdm/get-product-package.md | 111 +- .../mdm/get-product-packages.md | 100 +- windows/client-management/mdm/get-seat.md | 111 +- .../mdm/get-seats-assigned-to-a-user.md | 96 +- 15 files changed, 557 insertions(+), 3082 deletions(-) diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index b1e8b42c40..46fda3c4d4 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -54,1067 +54,262 @@ Here's the list of data structures used in the Microsoft Store for Business REST Specifies the properties of the alternate identifier. - ----- - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    type

    string

    LegacyWindowStoreProductId, LegacyWindowsPhoneProductId, RedirectToThresholdProductId

    value

    string

    - - +|Name|Type|Description| +|--- |--- |--- | +|type|string|LegacyWindowStoreProductId, LegacyWindowsPhoneProductId, RedirectToThresholdProductId| +|value|string|| ## BulkSeatOperationResultSet - - ---- - - - - - - - - - - - - - - - - -
    NameType

    seatDetails

    collection of SeatDetails

    failedSeatOperations

    collection of FailedSeatRequest

    - - +|Name|Type| +|--- |--- | +|seatDetails|collection of [SeatDetails](#seatdetails)| +|failedSeatOperations|collection of [FailedSeatRequest](#failedseatrequest)| ## FailedSeatRequest - - ---- - - - - - - - - - - - - - - - - - - - - -
    NameType

    failureReason

    string

    productKey

    ProductKey

    userName

    string

    - - +|Name|Type| +|--- |--- | +|failureReason|string| +|productKey|[ProductKey](#productkey)| +|userName|string| ## FrameworkPackageDetails - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    packageId

    string

    contentId

    string

    Identifies a specific application.

    location

    PackageLocation

    packageFullName

    string

    packageIdentityName

    string

    architectures

    collection of ProductArchitectures

    packageFormat

    ProductPackageFormat

    platforms

    collection of ProductPlatform

    fileSize

    integer-64

    Size of the file.

    packageRank

    integer-32

    Optional

    - - +|Name|Type|Description| +|--- |--- |--- | +|packageId|string|| +|contentId|string|Identifies a specific application.| +|location|[PackageLocation](#packagelocation)|| +|packageFullName|string|| +|packageIdentityName|string|| +|architectures|collection of [ProductArchitectures](#productarchitectures)|| +|packageFormat|[ProductPackageFormat](#productpackageformat)|| +|platforms|collection of [ProductPlatform](#productplatform)|| +|fileSize|integer-64|Size of the file.| +|packageRank|integer-32|Optional| ## InventoryDistributionPolicy - - ---- - - - - - - - - - - - - - - - - -
    NameDescription

    open

    Open distribution policy - licenses/seats can be assigned/consumed without limit

    restricted

    Restricted distribution policy - licenses/seats must be assigned/consumed according to the available count

    - - +|Name|Description| +|--- |--- | +|open|Open distribution policy - licenses/seats can be assigned/consumed without limit| +|restricted|Restricted distribution policy - licenses/seats must be assigned/consumed according to the available count| ## InventoryEntryDetails - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    productKey

    ProductKey

    Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.

    seatCapacity

    integer-64

    Total number of seats that have been purchased for an application.

    availableSeats

    integer-64

    Number of available seats remaining for an application.

    lastModified

    dateTime

    Specifies the last modified date for an application. Modifications for an application includes updated product details, updates to an application, and updates to the quantity of an application.

    licenseType

    LicenseType

    Indicates whether the set of seats for a given application supports online or offline licensing.

    distributionPolicy

    InventoryDistributionPolicy

    status

    InventoryStatus

    - - +|Name|Type|Description| +|--- |--- |--- | +|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.| +|seatCapacity|integer-64|Total number of seats that have been purchased for an application.| +|availableSeats|integer-64|Number of available seats remaining for an application.| +|lastModified|dateTime|Specifies the last modified date for an application. Modifications for an application includes updated product details, updates to an application, and updates to the quantity of an application.| +|licenseType|[LicenseType](#licensetype)|Indicates whether the set of seats for a given application supports online or offline licensing.| +|distributionPolicy|[InventoryDistributionPolicy](#inventorydistributionpolicy)|| +|status|[InventoryStatus](#inventorystatus)|| ## InventoryResultSet - ----- - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    continuationToken

    string

    Only available if there is a next page.

    inventoryEntries

    collection of InventoryEntryDetails

    - +|Name|Type|Description| +|--- |--- |--- | +|continuationToken|string|Only available if there is a next page.| +|inventoryEntries|collection of [InventoryEntryDetails](#inventoryentrydetails)|| - ## InventoryStatus - - ---- - - - - - - - - - - - - - - - - -
    NameDescription

    active

    Entry is available in the organization’s inventory.

    removed

    Entry has been removed from the organization’s inventory.

    - - +|Name|Description| +|--- |--- | +|active|Entry is available in the organization’s inventory.| +|removed|Entry has been removed from the organization’s inventory.| ## LicenseType - - ---- - - - - - - - - - - - - - - - - -
    NameDescription

    online

    Online license application.

    offline

    Offline license application.

    - - +|Name|Description| +|--- |--- | +|online|Online license application.| +|offline|Offline license application.| ## LocalizedProductDetail Specifies the properties of the localized product. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    language

    string

    Language or fallback language if the specified language is not available.

    displayName

    string

    Display name of the application.

    description

    string

    App description provided by developer can be up to 10,000 characters.

    images

    collection of ProductImage

    Artwork and icon associated with the application.

    publisher

    PublisherDetails

    Publisher of the application.

    - - +|Name|Type|Description| +|--- |--- |--- | +|language|string|Language or fallback language if the specified language is not available.| +|displayName|string|Display name of the application.| +|description|string|App description provided by developer can be up to 10,000 characters.| +|images|collection of [ProductImage](#productimage)|Artwork and icon associated with the application.| +|publisher|[PublisherDetails](#publisherdetails)|Publisher of the application.| ## OfflineLicense - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    productKey

    ProductKey

    Identifies a set of seats associated with an application.

    licenseBlob

    string

    Base-64 encoded offline license that can be installed via a CSP.

    licenseInstanceId

    string

    Version of the license.

    requestorId

    string

    Organization requesting the license.

    contentId

    string

    Identifies the specific license required by an application.

    - - +|Name|Type|Description| +|--- |--- |--- | +|productKey|[ProductKey](#productkey)|Identifies a set of seats associated with an application.| +|licenseBlob|string|Base-64 encoded offline license that can be installed via a CSP.| +|licenseInstanceId|string|Version of the license.| +|requestorId|string|Organization requesting the license.| +|contentId|string|Identifies the specific license required by an application.| ## PackageContentInfo - ---- - - - - - - - - - - - - - - - - -
    NameType

    productPlatforms

    collection of ProductPlatform

    packageFormat

    string

    - - +|Name|Type| +|--- |--- | +|productPlatforms|collection of ProductPlatform| +|packageFormat|string| ## PackageLocation - ----- - - - - - - - - - - - - - - -
    NameTypeDescription

    url

    URI

    CDN location of the packages. URL expiration is based on the estimated time to download the package.

    +|Name|Type|Description| +|--- |--- |--- | +|url|URI|CDN location of the packages. URL expiration is based on the estimated time to download the package.| - ## ProductArchitectures - - --- - - - - - - - - - - - - - - - - - - - -
    Name

    neutral

    arm

    x86

    x64

    - - +|Name| +|--- | +|neutral| +|arm| +|x86| +|x64| ## ProductDetails +|Name|Type|Description| +|--- |--- |--- | +|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.| +|productType|string|Type of product.| +|supportedLanguages|collection of string|The set of localized languages for an application.| +|publisherId|string|Publisher identifier.| +|category|string|Application category.| +|alternateIds|collection of [AlternateIdentifier](#alternateidentifier)|The identifiers that can be used to instantiate the installation of on online application.| +|packageFamilyName|string|| +|supportedPlatforms|collection of [ProductPlatform](#productplatform)|| - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    productKey

    ProductKey

    Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.

    productType

    string

    Type of product.

    supportedLanguages

    collection of string

    The set of localized languages for an application.

    publisherId

    string

    Publisher identifier.

    category

    string

    Application category.

    alternateIds

    collection of AlternateIdentifier

    The identifiers that can be used to instantiate the installation of on online application.

    packageFamilyName

    string

    supportedPlatforms

    collection of ProductPlatform

    - - ## ProductImage - Specifies the properties of the product image. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    location

    URI

    Location of the download image.

    purpose

    string

    Tag for the purpose of the image, e.g. "screenshot" or "logo".

    height

    string

    Height of the image in pixels.

    width

    string

    Width of the image in pixels.

    caption

    string

    Unlimited length.

    backgroundColor

    string

    Format "#RRGGBB"

    foregroundColor

    string

    Format "#RRGGBB"

    fileSize

    integer-64

    Size of the file.

    - - +|Name|Type|Description| +|--- |--- |--- | +|location|URI|Location of the download image.| +|purpose|string|Tag for the purpose of the image, e.g. "screenshot" or "logo".| +|height|string|Height of the image in pixels.| +|width|string|Width of the image in pixels.| +|caption|string|Unlimited length.| +|backgroundColor|string|Format "#RRGGBB"| +|foregroundColor|string|Format "#RRGGBB"| +|fileSize|integer-64|Size of the file.| ## ProductKey - Specifies the properties of the product key. - ----- - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    productId

    string

    Product identifier for an application that is used by the Store for Business.

    skuId

    string

    Product identifier that specifies a specific SKU of an application.

    - - +|Name|Type|Description| +|--- |--- |--- | +|productId|string|Product identifier for an application that is used by the Store for Business.| +|skuId|string|Product identifier that specifies a specific SKU of an application.| ## ProductPackageDetails - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    frameworkDependencyPackages

    collection of FrameworkPackageDetails

    packageId

    string

    contentId

    string

    Identifies a specific application.

    location

    PackageLocation

    packageFullName

    string

    example, Microsoft.BingTranslator_1.1.10917.2059_x86__8wekyb3d8bbwe

    packageIdentityName

    string

    example, Microsoft.BingTranslator

    architectures

    collection of ProductArchitectures

    Values {x86, x64, arm, neutral}

    packageFormat

    ProductPackageFormat

    Extension of the package file.

    platforms

    collection of ProductPlatform

    fileSize

    integer-64

    Size of the file.

    packageRank

    integer-32

    Optional

    - - +|Name|Type|Description| +|--- |--- |--- | +|frameworkDependencyPackages|collection of [FrameworkPackageDetails](#frameworkpackagedetails)|| +|packageId|string|| +|contentId|string|Identifies a specific application.| +|location|[PackageLocation](#packagelocation)|| +|packageFullName|string|example,Microsoft.BingTranslator_1.1.10917.2059_x86__8wekyb3d8bbwe| +|packageIdentityName|string|example, Microsoft.BingTranslator| +|architectures|collection of [ProductArchitectures](#productarchitectures)|Values {x86, x64, arm, neutral}| +|packageFormat|[ProductPackageFormat](#productpackageformat)|Extension of the package file.| +|platforms|collection of [ProductPlatform](#productplatform)|| +|fileSize|integer-64|Size of the file.| +|packageRank|integer-32|Optional| ## ProductPackageFormat - - --- - - - - - - - - - - - - - - - - -
    Name

    appx

    appxBundle

    xap

    - - +|Name| +|--- | +|appx| +|appxBundle| +|xap| ## ProductPackageSet - - ----- - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    packageSetId

    string

    An identifier for the particular combination of application packages.

    productPackages

    collection of ProductPackageDetails

    A collection of application packages.

    - - +|Name|Type|Description| +|--- |--- |--- | +|packageSetId|string|An identifier for the particular combination of application packages.| +|productPackages|collection of [ProductPackageDetails](#productpackagedetails)|A collection of application packages.| ## ProductPlatform - - ---- - - - - - - - - - - - - - - - - - - - - -
    NameType

    platformName

    string

    minVersion

    VersionInfo

    maxTestedVersion

    VersionInfo

    - - +|Name|Type| +|--- |--- | +|platformName|string| +|minVersion|[VersionInfo](#versioninfo)| +|maxTestedVersion|[VersionInfo](#versioninfo)| ## PublisherDetails - Specifies the properties of the publisher details. - ----- - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    publisherName

    string

    Name of the publisher.

    publisherWebsite

    string

    Website of the publisher.

    - - +|Name|Type|Description| +|--- |--- |--- | +|publisherName|string|Name of the publisher.| +|publisherWebsite|string|Website of the publisher.| ## SeatAction - --- - - - - - - - - - - - - - -
    Name

    assign

    reclaim

    - - +|Name| +|--- | +|assign| +|reclaim| ## SeatDetails - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    NameTypeDescription

    assignedTo

    string

    Format = UPN (user@domain)

    dateAssigned

    datetime

    state

    SeatState

    productKey

    ProductKey

    - - +|Name|Type|Description| +|--- |--- |--- | +|assignedTo|string|Format = UPN (user@domain)| +|dateAssigned|datetime|| +|state|[SeatState](#seatstate)|| +|productKey|[ProductKey](#productkey)|| ## SeatDetailsResultSet - - ---- - - - - - - - - - - - - - - - - -
    NameType

    seats

    collection of SeatDetails

    continuationToken

    string

    - - +|Name|Type| +|--- |--- | +|seats|collection of [SeatDetails](#seatdetails)| +|continuationToken|string| ## SeatState - - --- - - - - - - - - - - - - - -
    Name

    active

    revoked

    - - +|Name| +|--- | +|active| +|revoked| ## SupportedProductPlatform - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    NameType

    platformName

    string

    minVersion

    VersionInfo

    maxTestedVersion

    VersionInfo

    architectures

    collection of ProductArchitectures

    - - +|Name|Type| +|--- |--- | +|platformName|string| +|minVersion|[VersionInfo](#versioninfo)| +|maxTestedVersion|[VersionInfo](#versioninfo)| +|architectures|collection of [ProductArchitectures](#productarchitectures)| ## VersionInfo - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    NameType

    major

    integer-32

    minor

    integer-32

    build

    integer-32

    revision

    integer-32

    +|Name|Type| +|--- |--- | +|major|integer-32| +|minor|integer-32| +|build|integer-32| +|revision|integer-32| diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index b41ccfecfa..2586da6859 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md @@ -356,57 +356,11 @@ If the **Specify intranet Microsoft update service location** policy is enabled, If the **Allow Telemetry** policy is enabled and the Options value is set to 0, then the **Defer upgrades by**, **Defer updates by** and **Pause Updates and Upgrades** settings have no effect. - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
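Review bot: In the data-structures-windows-store-for-business.md hunk, the PackageContentInfo table gives the `productPlatforms` type as plain "collection of ProductPlatform", while the other converted tables link it as `[ProductPlatform](#productplatform)`; link it here too for consistency. Two smaller text issues in the same hunk: the ProductPackageDetails `packageFullName` row reads "example,Microsoft.BingTranslator_..." with no space after the comma, and the ProductDetails `alternateIds` description still says "installation of on online application".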
    Update categoryMaximum deferralDeferral incrementUpdate type/notes

    OS upgrade

    8 months

    1 month

    Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5

    Update

    1 month

    1 week

    -Note -If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic. -
    -
      -
    • Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
    • -
    • Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
    • -
    • Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
    • -
    • Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
    • -
    • Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
    • -
    • Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
    • -
    • Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
    • -
    • Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0
    • -

    Other/cannot defer

    No deferral

    No deferral

    Any update category not enumerated above falls into this category.

    -

    Definition Update - E0789628-CE08-4437-BE74-2495B842F43B

    - +|Update category|Maximum deferral|Deferral increment|Update type/notes| +|--- |--- |--- |--- | +|OS upgrade|8 months|1 month|Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5| +|Update|1 month|1 week|
    **Note:**
    If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
  • Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
  • Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
  • Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
  • Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
  • Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
  • Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
  • Update -
  • CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
  • Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0| +|Other/cannot defer|No deferral|No deferral|Any update category not enumerated above falls into this category.

    Definition Update - E0789628-CE08-4437-BE74-2495B842F43B| **Update/DeferUpgradePeriod** > [!NOTE] @@ -878,71 +832,16 @@ Here are the new policies added in Windows 10, version 1607 in [Policy CSP](pol Here's the list of corresponding Group Policy settings in HKLM\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
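Review bot: In the converted deferral table of device-update-management.md, the `Update` row's category list splits one entry in two: "Update -" and "CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83" appear as separate list items, where the removed HTML had them together as one item. Rejoin them so the GUID stays attached to its category. The same cell now folds the Note and the whole category list into a single table cell; check the rendered output, since the note is reduced to bold inline text ("**Note:**") rather than a callout.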
    GPO keyTypeValue

    BranchReadinessLevel

    REG_DWORD

    16: systems take Feature Updates on the Current Branch (CB) train

    -

    32: systems take Feature Updates on the Current Branch for Business

    -

    Other value or absent: receive all applicable updates (CB)

    DeferQualityUpdates

    REG_DWORD

    1: defer quality updates

    -

    Other value or absent: don’t defer quality updates

    DeferQualityUpdatesPeriodInDays

    REG_DWORD

    0-30: days to defer quality updates

    PauseQualityUpdates

    REG_DWORD

    1: pause quality updates

    -

    Other value or absent: don’t pause quality updates

    DeferFeatureUpdates

    REG_DWORD

    1: defer feature updates

    -

    Other value or absent: don’t defer feature updates

    DeferFeatureUpdatesPeriodInDays

    REG_DWORD

    0-180: days to defer feature updates

    PauseFeatureUpdates

    REG_DWORD

    1: pause feature updates

    -

    Other value or absent: don’t pause feature updates

    ExcludeWUDriversInQualityUpdate

    REG_DWORD

    1: exclude WU drivers

    -

    Other value or absent: offer WU drivers

    - - +|GPO key|Type|Value| +|--- |--- |--- | +|BranchReadinessLevel|REG_DWORD|16: systems take Feature Updates on the Current Branch (CB) train

    32: systems take Feature Updates on the Current Branch for Business

    Other value or absent: receive all applicable updates (CB)| +|DeferQualityUpdates|REG_DWORD|1: defer quality updates

    Other value or absent: don’t defer quality updates| +|DeferQualityUpdatesPeriodInDays|REG_DWORD|0-30: days to defer quality updates| +|PauseQualityUpdates|REG_DWORD|1: pause quality updates

    Other value or absent: don’t pause quality updates| +|DeferFeatureUpdates|REG_DWORD|1: defer feature updates

    Other value or absent: don’t defer feature updates| +|DeferFeatureUpdatesPeriodInDays|REG_DWORD|0-180: days to defer feature updates| +|PauseFeatureUpdates|REG_DWORD|1: pause feature updates

    Other value or absent: don’t pause feature updates| +|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude WU drivers

    Other value or absent: offer WU drivers| Here's the list of older policies that are still supported for backward compatibility. You can use these older policies for Windows 10, version 1511 devices. diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md index 797a8ff619..592daf59ec 100644 --- a/windows/client-management/mdm/dmclient-csp.md +++ b/windows/client-management/mdm/dmclient-csp.md @@ -328,220 +328,50 @@ If there's no infinite schedule set, then a 24-hour schedule is created and sche **Valid poll schedule: sigmoid polling schedule with infinite schedule (Recommended).** - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Schedule nameSchedule set by the serverActual value queried on device

    IntervalForFirstSetOfRetries

    15

    15

    NumberOfFirstRetries

    5

    5

    IntervalForSecondSetOfRetries

    60

    60

    NumberOfSecondRetries

    10

    10

    IntervalForRemainingScheduledRetries

    1440

    1440

    NumberOfRemainingScheduledRetries

    0

    0

    +|Schedule name|Schedule set by the server|Actual value queried on device| +|--- |--- |--- | +|IntervalForFirstSetOfRetries|15|15| +|NumberOfFirstRetries|5|5| +|IntervalForSecondSetOfRetries|60|60| +|NumberOfSecondRetries|10|10| +|IntervalForRemainingScheduledRetries|1440|1440| +|NumberOfRemainingScheduledRetries|0|0| - +**Valid poll schedule: initial enrollment only [no infinite schedule]** -**Valid poll schedule: initial enrollment only \[no infinite schedule\]** - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Schedule nameSchedule set by the serverActual value queried on device

    IntervalForFirstSetOfRetries

    15

    15

    NumberOfFirstRetries

    5

    5

    IntervalForSecondSetOfRetries

    60

    60

    NumberOfSecondRetries

    10

    10

    IntervalForRemainingScheduledRetries

    0

    0

    NumberOfRemainingScheduledRetries

    0

    0

    - - +|Schedule name|Schedule set by the server|Actual value queried on device| +|--- |--- |--- | +|IntervalForFirstSetOfRetries|15|15| +|NumberOfFirstRetries|5|5| +|IntervalForSecondSetOfRetries|60|60| +|NumberOfSecondRetries|10|10| +|IntervalForRemainingScheduledRetries|0|0| +|NumberOfRemainingScheduledRetries|0|0| **Invalid poll schedule: disable all poll schedules** > [!NOTE] > Disabling poll schedules results in UNDEFINED behavior and enrollment may fail if poll schedules are all set to zero. +|Schedule name|Schedule set by the server|Actual value queried on device| +|--- |--- |--- | +|IntervalForFirstSetOfRetries|0|0| +|NumberOfFirstRetries|0|0| +|IntervalForSecondSetOfRetries|0|0| +|NumberOfSecondRetries|0|0| +|IntervalForRemainingScheduledRetries|0|0| +|NumberOfRemainingScheduledRetries|0|0| - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Schedule nameSchedule set by the serverActual value queried on device

    IntervalForFirstSetOfRetries

    0

    0

    NumberOfFirstRetries

    0

    0

    IntervalForSecondSetOfRetries

    0

    0

    NumberOfSecondRetries

    0

    0

    IntervalForRemainingScheduledRetries

    0

    0

    NumberOfRemainingScheduledRetries

    0

    0

    - - - **Invalid poll schedule: two infinite schedules** - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Schedule nameSchedule set by serverActual schedule set on deviceActual experience

    IntervalForFirstSetOfRetries

    15

    15

    Device polls

    NumberOfFirstRetries

    5

    5

    Device polls

    IntervalForSecondSetOfRetries

    1440

    1440

    Device polls the server once in 24 hours

    NumberOfSecondRetries

    0

    0

    Device polls the server once in 24 hours

    IntervalForRemainingScheduledRetries

    1440

    0

    Third schedule is disabled

    NumberOfRemainingScheduledRetries

    0

    0

    Third schedule is disabled

    - - +|Schedule name|Schedule set by server|Actual schedule set on device|Actual experience| +|--- |--- |--- |--- | +|IntervalForFirstSetOfRetries|15|15|Device polls| +|NumberOfFirstRetries|5|5|Device polls| +|IntervalForSecondSetOfRetries|1440|1440|Device polls the server once in 24 hours| +|NumberOfSecondRetries|0|0|Device polls the server once in 24 hours| +|IntervalForRemainingScheduledRetries|1440|0|Third schedule is disabled| +|NumberOfRemainingScheduledRetries|0|0|Third schedule is disabled| If the device was previously enrolled in MDM with polling schedule configured using the registry key values directly, the MDM provider that supports using DMClient CSP to update polling schedule must first send an Add command to add a **./Vendor/MSFT/DMClient/Enrollment/<ProviderID>/Poll** node before it sends a Get/Replace command to query or update polling parameters using the DMClient CSP @@ -654,58 +484,17 @@ Supported operation is Get. The status error mapping is listed below. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    StatusDescription

    0

    Success

    1

    Failure: invalid PFN

    2

    Failure: invalid or expired device authentication with MSA

    3

    Failure: WNS client registration failed due to an invalid or revoked PFN

    4

    Failure: no Channel URI assigned

    5

    Failure: Channel URI has expired

    6

    Failure: Channel URI failed to be revoked

    7

    Failure: push notification received, but unable to establish an OMA-DM session due to power or connectivity limitations.

    8

    Unknown error

    - - +|Status|Description| +|--- |--- | +|0|Success| +|1|Failure: invalid PFN| +|2|Failure: invalid or expired device authentication with MSA| +|3|Failure: WNS client registration failed due to an invalid or revoked PFN| +|4|Failure: no Channel URI assigned| +|5|Failure: Channel URI has expired| +|6|Failure: Channel URI failed to be revoked| +|7|Failure: push notification received, but unable to establish an OMA-DM session due to power or connectivity limitations.| +|8|Unknown error| **Provider/*ProviderID*/CustomEnrollmentCompletePage** Optional. Added in Windows 10, version 1703. diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md index ece8bfd765..1dbe4932a9 100644 --- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md +++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md @@ -92,42 +92,13 @@ If **DMProcessConfigXMLFiltered** retrieves a document, the *pbstrXmlOut* holds Returns the standard **HRESULT** value **S\_OK** to indicate success. The following table shows more error codes that can be returned: - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Return codeDescription

    CONFIG_E_OBJECTBUSY

    Another instance of the configuration management service is currently running.

    CONFIG_E_ENTRYNOTFOUND

    No metabase entry was found.

    CONFIG_E_CSPEXCEPTION

    An exception occurred in one of the configuration service providers.

    CONFIG_E_TRANSACTIONINGFAILURE

    A configuration service provider failed to roll back properly. The affected settings might be in an unknown state.

    CONFIG_E_BAD_XML

    The XML input is invalid or malformed.

    - - +|Return code|Description| +|--- |--- | +|**CONFIG_E_OBJECTBUSY**|Another instance of the configuration management service is currently running.| +|**CONFIG_E_ENTRYNOTFOUND**|No metabase entry was found.| +|**CONFIG_E_CSPEXCEPTION**|An exception occurred in one of the configuration service providers.| +|**CONFIG_E_TRANSACTIONINGFAILURE**|A configuration service provider failed to roll back properly. The affected settings might be in an unknown state.| +|**CONFIG_E_BAD_XML**|The XML input is invalid or malformed.| ## Remarks @@ -190,38 +161,14 @@ if ( bstr != NULL ) ## Requirements - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Minimum supported client

    None supported

    Minimum supported server

    None supported

    Minimum supported phone

    Windows Phone 8.1

    Header

    Dmprocessxmlfiltered.h

    Library

    Dmprocessxmlfiltered.lib

    DLL

    Dmprocessxmlfiltered.dll

    +|Requirement|Support| +|--- |--- | +|Minimum supported client|None supported| +|Minimum supported server|None supported| +|Minimum supported phone|Windows Phone 8.1| +|Header|Dmprocessxmlfiltered.h| +|Library|Dmprocessxmlfiltered.lib| +|DLL|Dmprocessxmlfiltered.dll| ## See also diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index ee057f96bd..19e286781b 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md @@ -631,110 +631,30 @@ Supported operations are Get and Replace. **Theme/ThemeAccentColorID** The accent color to apply as the foreground color for tiles, controls, and other visual elements on the device. The following table shows the possible values. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueDescription

    0

    Lime

    1

    Green

    2

    Emerald

    3

    Teal (Viridian)

    4

    Cyan (Blue)

    5

    Cobalt

    6

    Indigo

    7

    Violet (Purple)

    8

    Pink

    9

    Magenta

    10

    Crimson

    11

    Red

    12

    Orange (Mango)

    13

    Amber

    14

    Yellow

    15

    Brown

    16

    Olive

    17

    Steel

    18

    Mauve

    19

    Sienna

    101 through 104

    Optional colors, as defined by the OEM

    151

    Custom accent color for Enterprise

    - - +|Value|Description| +|--- |--- | +|0|Lime| +|1|Green| +|2|Emerald| +|3|Teal (Viridian)| +|4|Cyan (Blue)| +|5|Cobalt| +|6|Indigo| +|7|Violet (Purple)| +|8|Pink| +|9|Magenta| +|10|Crimson| +|11|Red| +|12|Orange (Mango)| +|13|Amber| +|14|Yellow| +|15|Brown| +|16|Olive| +|17|Steel| +|18|Mauve| +|19|Sienna| +|101 through 104|Optional colors, as defined by the OEM| +|151|Custom accent color for Enterprise| Supported operations are Get and Replace. @@ -758,433 +678,111 @@ An integer that specifies the time zone of the device. The following table shows Supported operations are Get and Replace. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ValueTime zone

    0

    UTC-12 International Date Line West

    100

    UTC+13 Samoa

    110

    UTC-11 Coordinated Universal Time-11

    200

    UTC-10 Hawaii

    300

    UTC-09 Alaska

    400

    UTC-08 Pacific Time (US & Canada)

    410

    UTC-08 Baja California

    500

    UTC-07 Mountain Time (US & Canada)

    510

    UTC-07 Chihuahua, La Paz, Mazatlan

    520

    UTC-07 Arizona

    600

    UTC-06 Saskatchewan

    610

    UTC-06 Central America

    620

    UTC-06 Central Time (US & Canada)

    630

    UTC-06 Guadalajara, Mexico City, Monterrey

    700

    UTC-05 Eastern Time (US & Canada)

    710

    UTC-05 Bogota, Lima, Quito

    720

    UTC-05 Indiana (East)

    800

    UTC-04 Atlantic Time (Canada)

    810

    UTC-04 Cuiaba

    820

    UTC-04 Santiago

    830

    UTC-04 Georgetown, La Paz, Manaus, San Juan

    840

    UTC-04 Caracas

    850

    UTC-04 Asuncion

    900

    UTC-03:30 Newfoundland

    910

    UTC-03 Brasilia

    920

    UTC-03 Greenland

    930

    UTC-03 Montevideo

    940

    UTC-03 Cayenne, Fortaleza

    950

    UTC-03 Buenos Aires

    960

    UTC-03 Salvador

    1000

    UTC-02 Mid-Atlantic

    1010

    UTC-02 Coordinated Universal Time-02

    1100

    UTC-01 Azores

    1110

    UTC-01 Cabo Verde

    1200

    UTC Dublin, Edinburgh, Lisbon, London

    1210

    UTC Monrovia, Reykjavik

    1220

    UTC Casablanca

    1230

    UTC Coordinated Universal Time

    1300

    UTC+01 Belgrade, Bratislava, Budapest, Ljubljana, Prague

    1310

    UTC+01 Sarajevo, Skopje, Warsaw, Zagreb

    1320

    UTC+01 Brussels, Copenhagen, Madrid, Paris

    1330

    UTC+01 West Central Africa

    1340

    UTC+01 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna

    1350

    UTC+01 Windhoek

    1360

    UTC+01 Tripoli

    1400

    UTC+02 E. Europe

    1410

    UTC+02 Cairo

    1420

    UTC+02 Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius

    1430

    UTC+02 Athens, Bucharest

    1440

    UTC+02 Jerusalem

    1450

    UTC+02 Amman

    1460

    UTC+02 Beirut

    1470

    UTC+02 Harare, Pretoria

    1480

    UTC+02 Damascus

    1490

    UTC+02 Istanbul

    1500

    UTC+03 Kuwait, Riyadh

    1510

    UTC+03 Baghdad

    1520

    UTC+03 Nairobi

    1530

    UTC+03 Kaliningrad, Minsk

    1540

    UTC+04 Moscow, St. Petersburg, Volgograd

    1550

    UTC+03 Tehran

    1600

    UTC+04 Abu Dhabi, Muscat

    1610

    UTC+04 Baku

    1620

    UTC+04 Yerevan

    1630

    UTC+04 Kabul

    1640

    UTC+04 Tbilisi

    1650

    UTC+04 Port Louis

    1700

    UTC+06 Ekaterinburg

    1710

    UTC+05 Tashkent

    1720

    UTC+05 Chennai, Kolkata, Mumbai, New Delhi

    1730

    UTC+05 Sri Jayawardenepura

    1740

    UTC+05 Kathmandu

    1750

    UTC+05 Islamabad, Karachi

    1800

    UTC+06 Astana

    1810

    UTC+07 Novosibirsk

    1820

    UTC+06 Yangon (Rangoon)

    1830

    UTC+06 Dhaka

    1900

    UTC+08 Krasnoyarsk

    1910

    UTC+07 Bangkok, Hanoi, Jakarta

    1900

    UTC+08 Krasnoyarsk

    2000

    UTC+08 Beijing, Chongqing, Hong Kong SAR, Urumqi

    2010

    UTC+09 Irkutsk

    2020

    UTC+08 Kuala Lumpur, Singapore

    2030

    UTC+08 Taipei

    2040

    UTC+08 Perth

    2050

    UTC+08 Ulaanbaatar

    2100

    UTC+09 Seoul

    2110

    UTC+09 Osaka, Sapporo, Tokyo

    2120

    UTC+10 Yakutsk

    2130

    UTC+09 Darwin

    2140

    UTC+09 Adelaide

    2200

    UTC+10 Canberra, Melbourne, Sydney

    2210

    UTC+10 Brisbane

    2220

    UTC+10 Hobart

    2230

    UTC+11 Vladivostok

    2240

    UTC+10 Guam, Port Moresby

    2300

    UTC+11 Solomon Is., New Caledonia

    2310

    UTC+12 Magadan

    2400

    UTC+12 Fiji

    2410

    UTC+12 Auckland, Wellington

    2420

    UTC+12 Petropavlovsk-Kamchatsky

    2430

    UTC+12 Coordinated Universal Time +12

    2500

    UTC+13 Nuku'alofa

    - +|Value|Time zone| +|--- |--- | +|0|UTC-12 International Date Line West| +|100|UTC+13 Samoa| +|110|UTC-11 Coordinated Universal Time-11| +|200|UTC-10 Hawaii| +|300|UTC-09 Alaska| +|400|UTC-08 Pacific Time (US & Canada)| +|410|UTC-08 Baja California| +|500|UTC-07 Mountain Time (US & Canada)| +|510|UTC-07 Chihuahua, La Paz, Mazatlan| +|520|UTC-07 Arizona| +|600|UTC-06 Saskatchewan| +|610|UTC-06 Central America| +|620|UTC-06 Central Time (US & Canada)| +|630|UTC-06 Guadalajara, Mexico City, Monterrey| +|700|UTC-05 Eastern Time (US & Canada)| +|710|UTC-05 Bogota, Lima, Quito| +|720|UTC-05 Indiana (East)| +|800|UTC-04 Atlantic Time (Canada)| +|810|UTC-04 Cuiaba| +|820|UTC-04 Santiago| +|830|UTC-04 Georgetown, La Paz, Manaus, San Juan| +|840|UTC-04 Caracas| +|850|UTC-04 Asuncion| +|900|UTC-03:30 Newfoundland| +|910|UTC-03 Brasilia| +|920|UTC-03 Greenland| +|930|UTC-03 Montevideo| +|940|UTC-03 Cayenne, Fortaleza| +|950|UTC-03 Buenos Aires| +|960|UTC-03 Salvador| +|1000|UTC-02 Mid-Atlantic| +|1010|UTC-02 Coordinated Universal Time-02| +|1100|UTC-01 Azores| +|1110|UTC-01 Cabo Verde| +|1200|UTC Dublin, Edinburgh, Lisbon, London| +|1210|UTC Monrovia, Reykjavik| +|1220|UTC Casablanca| +|1230|UTC Coordinated Universal Time| +|1300|UTC+01 Belgrade, Bratislava, Budapest, Ljubljana, Prague| +|1310|UTC+01 Sarajevo, Skopje, Warsaw, Zagreb| +|1320|UTC+01 Brussels, Copenhagen, Madrid, Paris| +|1330|UTC+01 West Central Africa| +|1340|UTC+01 Amsterdam, Berlin, Bern, Rome, Stockholm, Vienna| +|1350|UTC+01 Windhoek| +|1360|UTC+01 Tripoli| +|1400|UTC+02 E. Europe| +|1410|UTC+02 Cairo| +|1420|UTC+02 Helsinki, Kyiv, Riga, Sofia, Tallinn, Vilnius| +|1430|UTC+02 Athens, Bucharest| +|1440|UTC+02 Jerusalem| +|1450|UTC+02 Amman| +|1460|UTC+02 Beirut| +|1470|UTC+02 Harare, Pretoria| +|1480|UTC+02 Damascus| +|1490|UTC+02 Istanbul| +|1500|UTC+03 Kuwait, Riyadh| +|1510|UTC+03 Baghdad| +|1520|UTC+03 Nairobi| +|1530|UTC+03 Kaliningrad, Minsk| +|1540|UTC+04 Moscow, St. 
Petersburg, Volgograd| +|1550|UTC+03 Tehran| +|1600|UTC+04 Abu Dhabi, Muscat| +|1610|UTC+04 Baku| +|1620|UTC+04 Yerevan| +|1630|UTC+04 Kabul| +|1640|UTC+04 Tbilisi| +|1650|UTC+04 Port Louis| +|1700|UTC+06 Ekaterinburg| +|1710|UTC+05 Tashkent| +|1720|UTC+05 Chennai, Kolkata, Mumbai, New Delhi| +|1730|UTC+05 Sri Jayawardenepura| +|1740|UTC+05 Kathmandu| +|1750|UTC+05 Islamabad, Karachi| +|1800|UTC+06 Astana| +|1810|UTC+07 Novosibirsk| +|1820|UTC+06 Yangon (Rangoon)| +|1830|UTC+06 Dhaka| +|1900|UTC+08 Krasnoyarsk| +|1910|UTC+07 Bangkok, Hanoi, Jakarta| +|1900|UTC+08 Krasnoyarsk| +|2000|UTC+08 Beijing, Chongqing, Hong Kong SAR, Urumqi| +|2010|UTC+09 Irkutsk| +|2020|UTC+08 Kuala Lumpur, Singapore| +|2030|UTC+08 Taipei| +|2040|UTC+08 Perth| +|2050|UTC+08 Ulaanbaatar| +|2100|UTC+09 Seoul| +|2110|UTC+09 Osaka, Sapporo, Tokyo| +|2120|UTC+10 Yakutsk| +|2130|UTC+09 Darwin| +|2140|UTC+09 Adelaide| +|2200|UTC+10 Canberra, Melbourne, Sydney| +|2210|UTC+10 Brisbane| +|2220|UTC+10 Hobart| +|2230|UTC+11 Vladivostok| +|2240|UTC+10 Guam, Port Moresby| +|2300|UTC+11 Solomon Is., New Caledonia| +|2310|UTC+12 Magadan| +|2400|UTC+12 Fiji| +|2410|UTC+12 Auckland, Wellington| +|2420|UTC+12 Petropavlovsk-Kamchatsky| +|2430|UTC+12 Coordinated Universal Time +12| +|2500|UTC+13 Nuku'alofa| **Locale/Language/** The culture code that identifies the language to display on a device, and specifies the formatting of numbers, currencies, time, and dates. For language values, see [Locale IDs Assigned by Microsoft](/openspecs/windows_protocols/ms-lcid/a9eac961-e77d-41a6-90a5-ce1a8b0cdb9c). 
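Review bot: the new time zone table lists value 1900 twice, once before and once after the 1910 row (`|1900|UTC+08 Krasnoyarsk|`, `|1910|UTC+07 Bangkok, Hanoi, Jakarta|`, `|1900|UTC+08 Krasnoyarsk|`). The duplicate is carried over unchanged from the HTML table being removed, so it is not introduced here, but the conversion is the right place to drop the second occurrence so that each value maps to exactly one row.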
@@ -1469,212 +1067,45 @@ The following example shows how to set the language. ## Product IDs in Windows 10 Mobile - The following table lists the product ID and AUMID for each app that is included in Windows 10 Mobile. - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    AppProduct IDAUMID
    Alarms and clock44F7D2B4-553D-4BEC-A8B7-634CE897ED5FMicrosoft.WindowsAlarms_8wekyb3d8bbwe!App
    CalculatorB58171C6-C70C-4266-A2E8-8F9C994F4456Microsoft.WindowsCalculator_8wekyb3d8bbwe!App
    CameraF0D8FEFD-31CD-43A1-A45A-D0276DB069F1Microsoft.WindowsCamera_8wekyb3d8bbwe!App
    Contact Support0DB5FCFF-4544-458A-B320-E352DFD9CA2BWindows.ContactSupport_cw5n1h2txyewy!App
    CortanaFD68DCF4-166F-4C55-A4CA-348020F71B94Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI
    ExcelEAD3E7C0-FAE6-4603-8699-6A448138F4DCMicrosoft.Office.Excel_8wekyb3d8bbwe!microsoft.excel
    Facebook82A23635-5BD9-DF11-A844-00237DE2DB9EMicrosoft.MSFacebook_8wekyb3d8bbwe!x82a236355bd9df11a84400237de2db9e
    File ExplorerC5E2524A-EA46-4F67-841F-6A9465D9D515c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App
    FM RadioF725010E-455D-4C09-AC48-BCDEF0D4B626N/A
    Get StartedB3726308-3D74-4A14-A84C-867C8C735C3CMicrosoft.Getstarted_8wekyb3d8bbwe!App
    Groove MusicD2B6A184-DA39-4C9A-9E0A-8B589B03DEC0Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic
    MapsED27A07E-AF57-416B-BC0C-2596B622EF7DMicrosoft.WindowsMaps_8wekyb3d8bbwe!App
    Messaging27E26F40-E031-48A6-B130-D1F20388991AMicrosoft.Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax
    Microsoft Edge395589FB-5884-4709-B9DF-F7D558663FFDMicrosoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
    Money1E0440F1-7ABF-4B9A-863D-177970EEFB5EMicrosoft.BingFinance_8wekyb3d8bbwe!AppexFinance
    Movies and TV6AFFE59E-0467-4701-851F-7AC026E21665Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo
    News9C3E8CAD-6702-4842-8F61-B8B33CC9CAF1Microsoft.BingNews_8wekyb3d8bbwe!AppexNews
    OneDriveAD543082-80EC-45BB-AA02-FFE7F4182BA8Microsoft.MicrosoftSkydrive_8wekyb3d8bbwe!App
    OneNoteCA05B3AB-F157-450C-8C49-A1F127F5E71DMicrosoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim
    Outlook Calendar

    A558FEBA-85D7-4665-B5D8-A2FF9C19799B

    Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar

    Outlook Mail

    A558FEBA-85D7-4665-B5D8-A2FF9C19799B

    Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail

    People60BE1FB8-3291-4B21-BD39-2221AB166481Microsoft.People_8wekyb3d8bbwe!xb94d6231y84ddy49a8yace3ybc955e769e85x
    Phone (dialer)F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7Microsoft.CommsPhone_8wekyb3d8bbwe!App
    PhotosFCA55E1B-B9A4-4289-882F-084EF4145005Microsoft.Windows.Photos_8wekyb3d8bbwe!App
    PodcastsC3215724-B279-4206-8C3E-61D1A9D63ED3Microsoft.MSPodcast_8wekyb3d8bbwe!xc3215724yb279y4206y8c3ey61d1a9d63ed3x
    PowerPointB50483C4-8046-4E1B-81BA-590B24935798Microsoft.Office.PowerPoint_8wekyb3d8bbwe!microsoft.pptim
    Settings2A4E62D8-8809-4787-89F8-69D0F01654FB2a4e62d8-8809-4787-89f8-69d0f01654fb_8wekyb3d8bbwe!App
    SkypeC3F8E570-68B3-4D6A-BDBB-C0A3F4360A51Microsoft.SkypeApp_kzf8qxf38zg5c!Skype.AppId
    Skype Video27E26F40-E031-48A6-B130-D1F20388991AMicrosoft.Messaging_8wekyb3d8bbwe!App
    Sports0F4C8C7E-7114-4E1E-A84C-50664DB13B17Microsoft.BingSports_8wekyb3d8bbwe!AppexSports
    Storage5B04B775-356B-4AA0-AAF8-6491FFEA564DN/A
    Store7D47D89A-7900-47C5-93F2-46EB6D94C159Microsoft.WindowsStore_8wekyb3d8bbwe!App
    Voice recorder7311B9C5-A4E9-4C74-BC3C-55B06BA95AD0Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe!App
    Wallet587A4577-7868-4745-A29E-F996203F1462Microsoft.MicrosoftWallet_8wekyb3d8bbwe!App
    Weather63C2A117-8604-44E7-8CEF-DF10BE3A57C8Microsoft.BingWeather_8wekyb3d8bbwe!App
    Windows Feedback7604089D-D13F-4A2D-9998-33FC02B63CE3Microsoft.WindowsFeedback_8wekyb3d8bbwe!App
    Word258F115C-48F4-4ADB-9A68-1387E634459BMicrosoft.Office.Word_8wekyb3d8bbwe!microsoft.word
    XboxB806836F-EEBE-41C9-8669-19E243B81B83Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp
    \ No newline at end of file +|App|Product ID|AUMID| +|--- |--- |--- | +|Alarms and clock|44F7D2B4-553D-4BEC-A8B7-634CE897ED5F|Microsoft.WindowsAlarms_8wekyb3d8bbwe!App| +|Calculator|B58171C6-C70C-4266-A2E8-8F9C994F4456|Microsoft.WindowsCalculator_8wekyb3d8bbwe!App| +|Camera|F0D8FEFD-31CD-43A1-A45A-D0276DB069F1|Microsoft.WindowsCamera_8wekyb3d8bbwe!App| +|Contact Support|0DB5FCFF-4544-458A-B320-E352DFD9CA2B|Windows.ContactSupport_cw5n1h2txyewy!App| +|Cortana|FD68DCF4-166F-4C55-A4CA-348020F71B94|Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI| +|Excel|EAD3E7C0-FAE6-4603-8699-6A448138F4DC|Microsoft.Office.Excel_8wekyb3d8bbwe!microsoft.excel| +|Facebook|82A23635-5BD9-DF11-A844-00237DE2DB9E|Microsoft.MSFacebook_8wekyb3d8bbwe!x82a236355bd9df11a84400237de2db9e| +|File Explorer|C5E2524A-EA46-4F67-841F-6A9465D9D515|c5e2524a-ea46-4f67-841f-6a9465d9d515_cw5n1h2txyewy!App| +|FM Radio|F725010E-455D-4C09-AC48-BCDEF0D4B626|N/A| +|Get Started|B3726308-3D74-4A14-A84C-867C8C735C3C|Microsoft.Getstarted_8wekyb3d8bbwe!App| +|Groove Music|D2B6A184-DA39-4C9A-9E0A-8B589B03DEC0|Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic| +|Maps|ED27A07E-AF57-416B-BC0C-2596B622EF7D|Microsoft.WindowsMaps_8wekyb3d8bbwe!App| +|Messaging|27E26F40-E031-48A6-B130-D1F20388991A|Microsoft.Messaging_8wekyb3d8bbwe!x27e26f40ye031y48a6yb130yd1f20388991ax| +|Microsoft Edge|395589FB-5884-4709-B9DF-F7D558663FFD|Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge| +|Money|1E0440F1-7ABF-4B9A-863D-177970EEFB5E|Microsoft.BingFinance_8wekyb3d8bbwe!AppexFinance| +|Movies and TV|6AFFE59E-0467-4701-851F-7AC026E21665|Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo| +|News|9C3E8CAD-6702-4842-8F61-B8B33CC9CAF1|Microsoft.BingNews_8wekyb3d8bbwe!AppexNews| +|OneDrive|AD543082-80EC-45BB-AA02-FFE7F4182BA8|Microsoft.MicrosoftSkydrive_8wekyb3d8bbwe!App| +|OneNote|CA05B3AB-F157-450C-8C49-A1F127F5E71D|Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim| +|Outlook 
Calendar|A558FEBA-85D7-4665-B5D8-A2FF9C19799B|Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Calendar| +|Outlook Mail|A558FEBA-85D7-4665-B5D8-A2FF9C19799B|Microsoft.WindowsCommunicationsApps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail| +|People|60BE1FB8-3291-4B21-BD39-2221AB166481|Microsoft.People_8wekyb3d8bbwe!xb94d6231y84ddy49a8yace3ybc955e769e85x| +|Phone (dialer)|F41B5D0E-EE94-4F47-9CFE-3D3934C5A2C7|Microsoft.CommsPhone_8wekyb3d8bbwe!App| +|Photos|FCA55E1B-B9A4-4289-882F-084EF4145005|Microsoft.Windows.Photos_8wekyb3d8bbwe!App| +|Podcasts|C3215724-B279-4206-8C3E-61D1A9D63ED3|Microsoft.MSPodcast_8wekyb3d8bbwe!xc3215724yb279y4206y8c3ey61d1a9d63ed3x| +|PowerPoint|B50483C4-8046-4E1B-81BA-590B24935798|Microsoft.Office.PowerPoint_8wekyb3d8bbwe!microsoft.pptim| +|Settings|2A4E62D8-8809-4787-89F8-69D0F01654FB|2a4e62d8-8809-4787-89f8-69d0f01654fb_8wekyb3d8bbwe!App| +|Skype|C3F8E570-68B3-4D6A-BDBB-C0A3F4360A51|Microsoft.SkypeApp_kzf8qxf38zg5c!Skype.AppId| +|Skype Video|27E26F40-E031-48A6-B130-D1F20388991A|Microsoft.Messaging_8wekyb3d8bbwe!App| +|Sports|0F4C8C7E-7114-4E1E-A84C-50664DB13B17|Microsoft.BingSports_8wekyb3d8bbwe!AppexSports| +|Storage|5B04B775-356B-4AA0-AAF8-6491FFEA564D|N/A| +|Store|7D47D89A-7900-47C5-93F2-46EB6D94C159|Microsoft.WindowsStore_8wekyb3d8bbwe!App| +|Voice recorder|7311B9C5-A4E9-4C74-BC3C-55B06BA95AD0|Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe!App| +|Wallet|587A4577-7868-4745-A29E-F996203F1462|Microsoft.MicrosoftWallet_8wekyb3d8bbwe!App| +|Weather|63C2A117-8604-44E7-8CEF-DF10BE3A57C8|Microsoft.BingWeather_8wekyb3d8bbwe!App| +|Windows Feedback|7604089D-D13F-4A2D-9998-33FC02B63CE3|Microsoft.WindowsFeedback_8wekyb3d8bbwe!App| +|Word|258F115C-48F4-4ADB-9A68-1387E634459B|Microsoft.Office.Word_8wekyb3d8bbwe!microsoft.word| +|Xbox|B806836F-EEBE-41C9-8669-19E243B81B83|Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp| 
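Review bot: in the converted Product ID table, two pairs of rows share one Product ID: Messaging and Skype Video both show 27E26F40-E031-48A6-B130-D1F20388991A, and Outlook Calendar and Outlook Mail both show A558FEBA-85D7-4665-B5D8-A2FF9C19799B, and only the AUMID column tells them apart. Anyone building an app list from this table by Product ID alone cannot tell which of the two apps an entry selects, so consider adding a sentence under the table that names these pairs and points readers to the AUMID. The FM Radio and Storage rows also carry N/A in the AUMID column with no explanation, which would be worth a short footnote.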
diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index 3b596b6652..b999a6dbee 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -300,36 +300,9 @@ A read-only bit mask that indicates the current state of WIP on the Device. The Suggested values: - ------- - - - - - - - - - - - - - - - - -

    Reserved for future use

    WIP mandatory settings

    -

    Set = 1

    -

    Not set = 0

    Reserved for future use

    AppLocker configured

    -

    Yes = 1

    -

    No = 0

    WIP on = 1

    -

    WIP off = 0

    4

    3

    2

    1

    0

    +|Reserved for future use|WIP mandatory settings
    Set = 1
    Not set = 0|Reserved for future use|AppLocker configured
    Yes = 1
    No = 0|WIP on = 1
    WIP off = 0| +|--- |--- |--- |--- |--- | +|4|3|2|1|0| diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md index 78f0b5cb28..70beb72229 100644 --- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md @@ -259,41 +259,12 @@ The following table describes the fields in the previous sample: The following table describes the fields in the previous sample: - ---- - - - - - - - - - - - - - - - - +|Name|Description| +|--- |--- | +|Add|This is required to precede the Exec command.
  • CmdID - Input value used to reference the request. Responses includes this value, which can be use to match the request and response.
  • LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.| +|Exec|The Exec node includes the parameters and properties requires to locate, download, validate and perform product installation.
  • CmdID - Input value used to reference the request. Responses will include this value which can be used to match request and response.
  • LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.
  • Data - The Data node contains an embedded XML, of type “MsiInstallJob”
  • MsiInstallJob - Contains all information required for the successful download, validation and execution of the MSI installation process (see section at the end of this document for details on this embedded data object).|
  • NameDescription
    AddThis is required to precede the Exec command. -
      -
    • CmdID - Input value used to reference the request. Responses includes this value, which can be use to match the request and response.
    • -
    • LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.
    • -
    ExecThe Exec node includes the parameters and properties requires to locate, download, validate and perform product installation. -
      -
    • CmdID - Input value used to reference the request. Responses will include this value which can be used to match request and response.
    • -
    • LocURI - Path to Win32 CSP command processor, including the Product ID (in this example, 1803A630-3C38-4D2B-9B9A-0CB37243539C) property escaped for XML formatting.
    • -
    • Data - The Data node contains an embedded XML, of type “MsiInstallJob”
    • -
    • MsiInstallJob - Contains all information required for the successful download, validation and execution of the MSI installation process (see section at the end of this document for details on this embedded data object).
    • -
    - - > [!Note] > Information status on the MSI job will be reported using standard OMA-DM notification mechanism. The status reported is represented using standard MSIEXEC return codes as HRESULT as defined in the MSIEXEC topic on Microsoft TechNet at [Msiexec (command-line options)](https://technet.microsoft.com/library/cc759262%28v=ws.10%29.aspx). @@ -353,70 +324,20 @@ The following table describes the fields in the previous sample: The following table MsiInstallJob describes the schema elements. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ElementDescription
    MsiInstallJobroot element -

    "Attribute: "id - the application identifier of the application being installed

    Productchild element of MsiInstallJob -

    Attribute: “Version” – string representation of application version

    Downloadchild element of Product. Container for download configuration information.
    ContentURLListchild element of Download. Contains list of 1 or more content download URL locators in the form of ContentURL elements.
    ContentURLLocation content should be downloaded from. Must be a property formatted URL that points to the .MSI file.
    ValidationContains information used to validate contend authenticity. • FileHash – SHA256 hash value of file content
    FileHashSHA256 hash value of file content
    Enforcementinstallation properties to be used when installing this MSI
    CommandLineCommand-line options to be used when calling MSIEXEC.exe
    TimeOutAmount of time, in minutes that the installation process can run before the installer considers the installation may have failed and no longer monitors the installation operation.
    RetryCountThe number of times the download and installation operation will be retried before the installation will be marked as failed.
    RetryIntervalAmount of time, in minutes between retry operations.
    +|Element|Description| +|--- |--- | +|MsiInstallJob|root element
    "Attribute: "id - the application identifier of the application being installed| +|Product|child element of MsiInstallJob
    Attribute: “Version” – string representation of application version| +|Download|child element of Product. Container for download configuration information.| +|ContentURLList|child element of Download. Contains list of 1 or more content download URL locators in the form of ContentURL elements.| +|ContentURL|Location content should be downloaded from. Must be a property formatted URL that points to the .MSI file.| +|Validation|Contains information used to validate contend authenticity. • FileHash – SHA256 hash value of file content| +|FileHash|SHA256 hash value of file content| +|Enforcement|installation properties to be used when installing this MSI| +|CommandLine|Command-line options to be used when calling MSIEXEC.exe| +|TimeOut|Amount of time, in minutes that the installation process can run before the installer considers the installation may have failed and no longer monitors the installation operation.| +|RetryCount|The number of times the download and installation operation will be retried before the installation will be marked as failed.| +|RetryInterval|Amount of time, in minutes between retry operations.| @@ -453,85 +374,17 @@ The following tables shows how app targeting and MSI package type (per-user, per For Intune standalone environment, the MSI package will determine the MSI execution context. - ------ - - - - - - - - - - - - - - - - - - - - - - -
    TargetPer-user MSIPer-machine MSIDual mode MSI
    UserInstall the MSI per-user -

    LocURI contains a User prefix, such as ./User

    Install the MSI per-device -

    LocURI contains a Device prefix, such as ./Device

    Install the MSI per-user -

    LocURI contains a User prefix, such as ./User

    SystemInstall the MSI per-user -

    LocURI contains a User prefix, such as ./User

    Install the MSI per-device -

    LocURI contains a Device prefix, such as ./Device

    Install the MSI per-user -

    LocURI contains a User prefix, such as ./User

    - - +|Target|Per-user MSI|Per-machine MSI|Dual mode MSI| +|--- |--- |--- |--- | +|User|Install the MSI per-user
    LocURI contains a User prefix, such as ./User|Install the MSI per-device
    LocURI contains a Device prefix, such as ./Device|Install the MSI per-user
    LocURI contains a User prefix, such as ./User| +|System|Install the MSI per-user
    LocURI contains a User prefix, such as ./User|Install the MSI per-device
    LocURI contains a Device prefix, such as ./Device|Install the MSI per-user
    LocURI contains a User prefix, such as ./User| The following table applies to SCCM hybrid environment. - ------ - - - - - - - - - - - - - - - - - - - - - - -
    TargetPer-user MSIPer-machine MSIDual mode MSI
    UserInstall the MSI per-user -

    LocURI contains a User prefix, such as ./User

    Install the MSI per-device -

    LocURI contains a Device prefix, such as ./Device

    Install the MSI per-user -

    LocURI contains a User prefix, such as ./User

    SystemInstall the MSI per-user -

    LocURI contains a User prefix, such as ./User

    Install the MSI per-device -

    LocURI contains a Device prefix, such as ./Device

    Install the MSI per- system context -

    LocURI contains a Device prefix, such as ./Device

    - - +|Target|Per-user MSI|Per-machine MSI|Dual mode MSI| +|--- |--- |--- |--- | +|User|Install the MSI per-user
    LocURI contains a User prefix, such as ./User|Install the MSI per-device
    LocURI contains a Device prefix, such as ./Device|Install the MSI per-user
    LocURI contains a User prefix, such as ./User| +|System|Install the MSI per-user
    LocURI contains a User prefix, such as ./User|Install the MSI per-device
    LocURI contains a Device prefix, such as ./Device|Install the MSI per- system context
    LocURI contains a Device prefix, such as ./Device| ## How to determine the package type from the MSI package diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md index 94c9465267..4c01145bb3 100644 --- a/windows/client-management/mdm/get-inventory.md +++ b/windows/client-management/mdm/get-inventory.md @@ -21,143 +21,34 @@ The **Get Inventory** operation retrieves information from the Microsoft Store f ## Request - ---- - - - - - - - - - - - - -
    MethodRequest URI

    GET

    https://bspmts.mp.microsoft.com/V1/Inventory?continuationToken={ContinuationToken}&modifiedSince={ModifiedSince}&licenseTypes={LicenseType}&maxResults={MaxResults}

    - - - +**GET:** +```http +https://bspmts.mp.microsoft.com/V1/Inventory?continuationToken={ContinuationToken}&modifiedSince={ModifiedSince}&licenseTypes={LicenseType}&maxResults={MaxResults} +``` ### URI parameters The following parameters may be specified in the request URI. - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDefault valueDescription

    continuationToken

    string

    Null

    modifiedSince

    datetime

    Null

    Optional. Used to determine changes since a specific date.

    licenseTypes

    collection of LicenseType

    {online,offline}

    Optional. A collection of license types

    maxResults

    integer-32

    25

    Optional. Specifies the maximum number of applications returned in a single query.

    - - - +|Parameter|Type|Default value|Description| +|--- |--- |--- |--- | +|continuationToken|string|Null|| +|modifiedSince|datetime|Null|Optional. Used to determine changes since a specific date.| +|licenseTypes|collection of [LicenseType](data-structures-windows-store-for-business.md#licensetype)|{online,offline}|Optional. A collection of license types| +|maxResults|integer-32|25|Optional. Specifies the maximum number of applications returned in a single query.| Here are some examples. - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    Query typeExample query

    Online and offline

    https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&licenseTypes=offline&maxResults=25

    Online only

    https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&maxResults=25

    Offline only

    https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=offline&maxResults=25

    Both license types and a time filter

    https://bspmts.mp.microsoft.com/V1/Inventory?modifiedSince=2015-07-13T14%3a02%3a25.6863382-07%3a00&licenseTypes=online&licenseTypes=offline&maxResults=25

    - - - - - ------ - - - - - - - - - - - - - - - - -
    Error codeDescriptionRetryData field

    400

    Invalid parameters

    No

    Parameter name

    -

    Invalid modified date, license, or continuationToken

    -

    Details: String

    - - +|Query type|Example query| +|--- |--- | +|Online and offline|[https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&licenseTypes=offline&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&licenseTypes=offline&maxResults=25)| +|Online only|[https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=online&maxResults=25)| +|Offline only|[https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=offline&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?licenseTypes=offline&maxResults=25)| +|Both license types and a time filter|[https://bspmts.mp.microsoft.com/V1/Inventory?modifiedSince=2015-07-13T14%3a02%3a25.6863382-07%3a00&licenseTypes=online&licenseTypes=offline&maxResults=25](https://bspmts.mp.microsoft.com/V1/Inventory?modifiedSince=2015-07-13T14%3a02%3a25.6863382-07%3a00&licenseTypes=online&licenseTypes=offline&maxResults=25)| +|Error code|Description|Retry|Data field| +|--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name

    Invalid modified date, license, or continuationToken

    Details: String| ## Response diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md index 52848ed620..3e13a8f8e4 100644 --- a/windows/client-management/mdm/get-localized-product-details.md +++ b/windows/client-management/mdm/get-localized-product-details.md @@ -18,97 +18,27 @@ The **Get localized product details** operation retrieves the localization infor ## Request - ---- - - - - - - - - - - - - -
    MethodRequest URI

    GET

    https://bspmts.mp.microsoft.com/V1/Products/{ProductId}/{SkuId}/LocalizedDetails/{language}

    +**GET:** + +```http +https://bspmts.mp.microsoft.com/V1/Products/{ProductId}/{SkuId}/LocalizedDetails/{language} +``` ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDescription

    productId

    string

    Required. Product identifier for an application that is used by the Store for Business.

    skuId

    string

    Required. Product identifier that specifies a specific SKU of an application.

    language

    string

    Required. Language in ISO format, such as en-us, en-ca.

    +|Parameter|Type|Description| +|--- |--- |--- | +|productId|string|Required. Product identifier for an application that is used by the Store for Business.| +|skuId|string|Required. Product identifier that specifies a specific SKU of an application.| +|language|string|Required. Language in ISO format, such as en-us, en-ca.| - - ------ - - - - - - - - - - - - - - - - - - - - - - -
    Error codeDescriptionRetryData field

    400

    Invalid parameters

    No

    Parameter name

    -

    Reason: Missing parameter or invalid parameter

    -

    Details: String

    404

    Not found

    Item type: productId, skuId, language

    - -  +|Error code|Description|Retry|Data field| +|--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name
    Reason: Missing parameter or invalid parameter
    Details: String| +|404|Not found||Item type: productId, skuId, language| ## Response diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md index 87699a8b11..0f60251a1c 100644 --- a/windows/client-management/mdm/get-offline-license.md +++ b/windows/client-management/mdm/get-offline-license.md @@ -18,102 +18,27 @@ The **Get offline license** operation retrieves the offline license information ## Request - ---- - - - - - - - - - - - - -
    MethodRequest URI

    POST

    https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/OfflineLicense/{contentId}

    +**POST:** + +```http +https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/OfflineLicense/{contentId} +``` -  ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDescription

    productId

    string

    Required. Identifies a specific product that has been acquired.

    skuId

    string

    Required. The SKU identifier.

    contentId

    string

    Required. Identifies a specific application.

    +|Parameter|Type|Description| +|--- |--- |--- | +|productId|string|Required. Identifies a specific product that has been acquired.| +|skuId|string|Required. The SKU identifier.| +|contentId|string|Required. Identifies a specific application.| - - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Error codeDescriptionRetryData field

    400

    Invalid parameters

    No

    Parameter name

    -

    Reason: Missing parameter or invalid parameter

    -

    Details: String

    404

    Not found

    409

    Conflict

    Reason: Not owned, Not offline

    - +|Error code|Description|Retry|Data field| +|--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name
    Reason: Missing parameter or invalid parameter
    Details: String| +|404|Not found||| +|409|Conflict||Reason: Not owned, Not offline| ## Response diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md index 18a0174509..9b32395cbd 100644 --- a/windows/client-management/mdm/get-product-details.md +++ b/windows/client-management/mdm/get-product-details.md @@ -18,92 +18,26 @@ The **Get product details** operation retrieves the product information from the ## Request - ---- - - - - - - - - - - - - -
    MethodRequest URI

    GET

    https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}

    +**GET:** +```http +https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId} +``` ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDescription

    productId

    string

    Required. Product identifier for an application that is used by the Store for Business.

    skuId

    string

    Required. Product identifier that specifies a specific SKU of an application.

    +|Parameter|Type|Description| +|--- |--- |--- | +|productId|string|Required. Product identifier for an application that is used by the Store for Business.| +|skuId|string|Required. Product identifier that specifies a specific SKU of an application.| +|Error code|Description|Retry|Data field| +|--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name
    Reason: Missing parameter or invalid parameter
    Details: String| +|404|Not found||| - ------ - - - - - - - - - - - - - - - - - - - - - - -
    Error codeDescriptionRetryData field

    400

    Invalid parameters

    No

    Parameter name

    -

    Reason: Missing parameter or invalid parameter

    -

    Details: String

    404

    Not found

    - -  ## Response ### Response body diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md index 662580acde..7c5c2e077b 100644 --- a/windows/client-management/mdm/get-product-package.md +++ b/windows/client-management/mdm/get-product-package.md @@ -18,108 +18,29 @@ The **Get product package** operation retrieves the information about a specific ## Request - ---- - - - - - - - - - - - - -
    MethodRequest URI

    GET

    https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/Packages/{packageId}

    +**GET:** -  +```http +https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/Packages/{packageId} +``` ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDescription

    productId

    string

    Required. Product identifier for an application that is used by the Store for Business.

    skuId

    string

    Required. Product identifier that specifies a specific SKU of an application.

    packageId

    string

    Required.

    - - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Error codeDescriptionRetryData fieldDetails

    400

    Invalid parameters

    No

    Parameter name

    -

    Reason: Invalid parameter

    -

    Details: String

    Can be productId, skuId, or packageId

    404

    Not found

    Item type: Product/SKU

    409

    Conflict

    Reason: Not owned

    +|Parameter|Type|Description| +|--- |--- |--- | +|productId|string|Required. Product identifier for an application that is used by the Store for Business.| +|skuId|string|Required. Product identifier that specifies a specific SKU of an application.| +|packageId|string|Required.| +|Error code|Description|Retry|Data field|Details| +|--- |--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name +Reason: Invalid parameter +Details: String|Can be productId, skuId, or packageId| +|404|Not found|||Item type: Product/SKU| +|409|Conflict||Reason: Not owned|| ## Response diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md index 5ad2851bc5..9c3e90586c 100644 --- a/windows/client-management/mdm/get-product-packages.md +++ b/windows/client-management/mdm/get-product-packages.md @@ -18,97 +18,29 @@ The **Get product packages** operation retrieves the information about applicati ## Request - ---- - - - - - - - - - - - - -
    MethodRequest URI

    GET

    https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/Packages

    +**GET:** + +```http +https://bspmts.mp.microsoft.com/V1/Products/{productId}/{skuId}/Packages +```   ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDescription

    productId

    string

    Required. Product identifier for an application that is used by the Store for Business.

    skuId

    string

    Required. Product identifier that specifies a specific SKU of an application.

    - -  - ------ - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Error codeDescriptionRetryData field

    400

    Invalid parameters

    No

    Parameter name

    -

    Reason: Missing parameter or invalid parameter

    -

    Details: String

    404

    Not found

    409

    Conflict

    Reason: Not owned

    +|Parameter|Type|Description| +|--- |--- |--- | +|productId|string|Required. Product identifier for an application that is used by the Store for Business.| +|skuId|string|Required. Product identifier that specifies a specific SKU of an application.| +|Error code|Description|Retry|Data field| +|--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name +Reason: Missing parameter or invalid parameter +Details: String| +|404|Not found||| +|409|Conflict||Reason: Not owned| ## Response diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md index 598d24ea19..82f7c29f61 100644 --- a/windows/client-management/mdm/get-seat.md +++ b/windows/client-management/mdm/get-seat.md @@ -18,61 +18,21 @@ The **Get seat** operation retrieves the information about an active seat for a ## Request - ---- - - - - - - - - - - - - -
    MethodRequest URI

    GET

    https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username}

    +**GET:** +```http +https://bspmts.mp.microsoft.com/V1/Inventory/{productId}/{skuId}/Seats/{username} +``` ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDescription

    productId

    string

    Required. Product identifier for an application that is used by the Store for Business.

    skuId

    string

    Required. Product identifier that specifies a specific SKU of an application.

    username

    string

    Requires UserPrincipalName (UPN). User name of the target user account.

    +|Parameter|Type|Description| +|--- |--- |--- | +|productId|string|Required. Product identifier for an application that is used by the Store for Business.| +|skuId|string|Required. Product identifier that specifies a specific SKU of an application.| +|username|string|Requires UserPrincipalName (UPN). User name of the target user account.|   ## Response @@ -81,51 +41,14 @@ The following parameters may be specified in the request URI. The response body contains [SeatDetails](data-structures-windows-store-for-business.md#seatdetails). - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Error codeDescriptionRetryData fieldDetails

    400

    Invalid parameters

    No

    Parameter name

    -

    Reason: Missing parameter or invalid parameter

    -

    Details: String

    Invalid can include productId, skuId or username

    404

    Not found

    ItemType: Inventory, User, Seat

    -

    Values: ProductId/SkuId, UserName, ProductId/SkuId/Username

    409

    Conflict

    Reason: Not online

    - +|Error code|Description|Retry|Data field|Details| +|--- |--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name +Reason: Missing parameter or invalid parameter +Details: String|Invalid can include productId, skuId or username| +|404|Not found|||ItemType: Inventory, User, Seat +Values: ProductId/SkuId, UserName, ProductId/SkuId/Username| +|409|Conflict||Reason: Not online||     diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md index 016e2a8711..123c7969ce 100644 --- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md +++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md @@ -18,61 +18,21 @@ The **Get seats assigned to a user** operation retrieves information about assig ## Request - ---- - - - - - - - - - - - - -
    MethodRequest URI

    GET

    https://bspmts.mp.microsoft.com/V1/Users/{username}/Seats?continuationToken={ContinuationToken}&maxResults={MaxResults}

    +**GET:** +```http +https://bspmts.mp.microsoft.com/V1/Users/{username}/Seats?continuationToken={ContinuationToken}&maxResults={MaxResults} +``` ### URI parameters The following parameters may be specified in the request URI. - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
    ParameterTypeDescription

    useName

    string

    Requires UserPrincipalName (UPN). User name of the target user account.

    continuationToken

    string

    Optional.

    maxResults

    inteter-32

    Optional. Default = 25, Maximum = 100

    +|Parameter|Type|Description| +|--- |--- |--- | +|useName|string|Requires UserPrincipalName (UPN). User name of the target user account.| +|continuationToken|string|Optional.| +|maxResults|inteter-32|Optional. Default = 25, Maximum = 100|   ## Response @@ -81,39 +41,11 @@ The following parameters may be specified in the request URI. The response body contain [SeatDetailsResultSet](data-structures-windows-store-for-business.md#seatdetailsresultset). - ------ - - - - - - - - - - - - - - - - - - - - - - -
    Error codeDescriptionRetryData field

    400

    Invalid parameters

    No

    Parameter name

    -

    Reason: Invalid parameter

    -

    Details: String

    404

    Not found

    Item type: User

    -

    Values: UserName

    +|Error code|Description|Retry|Data field| +|--- |--- |--- |--- | +|400|Invalid parameters|No|Parameter name
    Reason: Invalid parameter
    Details: String| +|404|Not found||Item type: User +Values: UserName|   From d58ffa414c31a24f3bb369a5086541f068f709ad Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 10 Nov 2021 19:14:58 +0530 Subject: [PATCH 27/79] Fixing acrolinx and build issues --- ...a-structures-windows-store-for-business.md | 173 +++++++++--------- .../mdm/enterpriseappmanagement-csp.md | 52 +----- 2 files changed, 96 insertions(+), 129 deletions(-) diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md index 46fda3c4d4..b20c4ce200 100644 --- a/windows/client-management/mdm/data-structures-windows-store-for-business.md +++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md @@ -6,7 +6,7 @@ MS-HAID: ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B ms.reviewer: manager: dansimp -description: +description: Learn about data structures for Microsoft Store for Business. ms.author: dansimp ms.topic: article ms.prod: w10 @@ -17,7 +17,6 @@ ms.date: 09/18/2017 # Data structures for Microsoft Store for Business - Here's the list of data structures used in the Microsoft Store for Business REST APIs: - [AlternateIdentifier](#alternateidentifier) 
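Review bot: in get-seats-assigned-to-a-user.md, the new URI-parameters table carries over two typos from the HTML table it replaces. The first row is named `useName` although the request URI uses `{username}`, and the `maxResults` type reads `inteter-32`. Since the table is being rewritten anyway, correct these to `username` and `integer-32`, the spelling the get-inventory.md table uses for `maxResults`.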
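Review bot: in get-product-package.md the 400 row of the new error table is spread over three added lines (`+|400|Invalid parameters|No|Parameter name`, `+Reason: Invalid parameter`, `+Details: String|Can be productId, skuId, or packageId|`). A Markdown table row has to stay on one line, so the second and third lines will fall out of the table. The same split appears in the error tables of get-product-packages.md and get-seat.md and in the 404 row of get-seats-assigned-to-a-user.md. Join each row onto one line, using an in-cell line break such as `<br>` between the values. In the same hunk the `|Error code|Description|Retry|Data field|Details|` header follows `|packageId|string|Required.|` with no blank added line between them, so the two tables run together; add a blank line before the error table.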
@@ -56,36 +55,36 @@ Specifies the properties of the alternate identifier. |Name|Type|Description| |--- |--- |--- | -|type|string|LegacyWindowStoreProductId, LegacyWindowsPhoneProductId, RedirectToThresholdProductId| -|value|string|| +|Type|String|LegacyWindowStoreProductId, LegacyWindowsPhoneProductId, RedirectToThresholdProductId| +|Value|String|| ## BulkSeatOperationResultSet |Name|Type| |--- |--- | -|seatDetails|collection of [SeatDetails](#seatdetails)| -|failedSeatOperations|collection of [FailedSeatRequest](#failedseatrequest)| +|seatDetails|Collection of [SeatDetails](#seatdetails)| +|failedSeatOperations|Collection of [FailedSeatRequest](#failedseatrequest)| ## FailedSeatRequest |Name|Type| |--- |--- | -|failureReason|string| +|failureReason|String| |productKey|[ProductKey](#productkey)| -|userName|string| +|userName|String| ## FrameworkPackageDetails |Name|Type|Description| |--- |--- |--- | -|packageId|string|| -|contentId|string|Identifies a specific application.| -|location|[PackageLocation](#packagelocation)|| -|packageFullName|string|| -|packageIdentityName|string|| -|architectures|collection of [ProductArchitectures](#productarchitectures)|| +|packageId|String|| +|contentId|String|Identifies a specific application.| +|Location|[PackageLocation](#packagelocation)|| +|packageFullName|String|| +|packageIdentityName|String|| +|Architectures|Collection of [ProductArchitectures](#productarchitectures)|| |packageFormat|[ProductPackageFormat](#productpackageformat)|| -|platforms|collection of [ProductPlatform](#productplatform)|| +|Platforms|Collection of [ProductPlatform](#productplatform)|| |fileSize|integer-64|Size of the file.| |packageRank|integer-32|Optional| 
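Review bot: the Name columns in this hunk hold the property names of the REST data structures, and only the single-word names are capitalised. `type` and `value` become `Type` and `Value`, and in FrameworkPackageDetails `location`, `architectures` and `platforms` become `Location`, `Architectures` and `Platforms`, while `packageId`, `contentId` and `packageFullName` keep their camelCase. A reader can no longer tell the documented casing of a field from the table. Suggest keeping the original lowercase names in the Name column and limiting the capitalisation to the Type column, where `integer-64` and `integer-32` also remain lowercase next to `String` and should be made consistent one way or the other.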
@@ -93,42 +92,42 @@ Specifies the properties of the alternate identifier. |Name|Description| |--- |--- | -|open|Open distribution policy - licenses/seats can be assigned/consumed without limit| -|restricted|Restricted distribution policy - licenses/seats must be assigned/consumed according to the available count| +|Open|Open distribution policy - licenses/seats can be assigned/consumed without limit| +|Restricted|Restricted distribution policy - licenses/seats must be assigned/consumed according to the available count| ## InventoryEntryDetails |Name|Type|Description| |--- |--- |--- | -|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.| +|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.| |seatCapacity|integer-64|Total number of seats that have been purchased for an application.| |availableSeats|integer-64|Number of available seats remaining for an application.| -|lastModified|dateTime|Specifies the last modified date for an application. Modifications for an application includes updated product details, updates to an application, and updates to the quantity of an application.| +|lastModified|dateTime|Specifies the last modified date for an application. 
Modifications for an application include updated product details, updates to an application, and updates to the quantity of an application.| |licenseType|[LicenseType](#licensetype)|Indicates whether the set of seats for a given application supports online or offline licensing.| |distributionPolicy|[InventoryDistributionPolicy](#inventorydistributionpolicy)|| -|status|[InventoryStatus](#inventorystatus)|| +|Status|[InventoryStatus](#inventorystatus)|| ## InventoryResultSet |Name|Type|Description| |--- |--- |--- | -|continuationToken|string|Only available if there is a next page.| -|inventoryEntries|collection of [InventoryEntryDetails](#inventoryentrydetails)|| +|continuationToken|String|Only available if there is a next page.| +|inventoryEntries|Collection of [InventoryEntryDetails](#inventoryentrydetails)|| ## InventoryStatus |Name|Description| |--- |--- | -|active|Entry is available in the organization’s inventory.| -|removed|Entry has been removed from the organization’s inventory.| +|Active|Entry is available in the organization’s inventory.| +|Removed|Entry has been removed from the organization’s inventory.| ## LicenseType |Name|Description| |--- |--- | -|online|Online license application.| -|offline|Offline license application.| +|Online|Online license application.| +|Offline|Offline license application.| ## LocalizedProductDetail 
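Review bot: the LicenseType values are changed to `Online` and `Offline` in this hunk, but the get-inventory.md request documentation uses them in lowercase, as in `licenseTypes=online&licenseTypes=offline` and the default `{online,offline}`. The InventoryDistributionPolicy and InventoryStatus values (`Open`, `Restricted`, `Active`, `Removed`) and the `Status` field name are capitalised the same way. Suggest leaving these values as they were in the Name column so the tables match what appears in the query string, and satisfying the style check in the Description column instead.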
@@ -137,11 +136,11 @@ Specifies the properties of the localized product. |Name|Type|Description| |--- |--- |--- | -|language|string|Language or fallback language if the specified language is not available.| -|displayName|string|Display name of the application.| -|description|string|App description provided by developer can be up to 10,000 characters.| -|images|collection of [ProductImage](#productimage)|Artwork and icon associated with the application.| -|publisher|[PublisherDetails](#publisherdetails)|Publisher of the application.| +|Language|String|Language or fallback language if the specified language is not available.| +|displayName|String|Display name of the application.| +|Description|String|App description provided by developer can be up to 10,000 characters.| +|Images|Collection of [ProductImage](#productimage)|Artwork and icon associated with the application.| +|Publisher|[PublisherDetails](#publisherdetails)|Publisher of the application.| ## OfflineLicense 
@@ -149,33 +148,33 @@ Specifies the properties of the localized product. |Name|Type|Description| |--- |--- |--- | |productKey|[ProductKey](#productkey)|Identifies a set of seats associated with an application.| -|licenseBlob|string|Base-64 encoded offline license that can be installed via a CSP.| -|licenseInstanceId|string|Version of the license.| -|requestorId|string|Organization requesting the license.| -|contentId|string|Identifies the specific license required by an application.| +|licenseBlob|String|Base-64 encoded offline license that can be installed via a CSP.| +|licenseInstanceId|String|Version of the license.| +|requestorId|String|Organization requesting the license.| +|contentId|String|Identifies the specific license required by an application.| ## PackageContentInfo |Name|Type| |--- |--- | -|productPlatforms|collection of ProductPlatform| -|packageFormat|string| +|productPlatforms|Collection of ProductPlatform| +|packageFormat|String| ## PackageLocation |Name|Type|Description| |--- |--- |--- | -|url|URI|CDN location of the packages. URL expiration is based on the estimated time to download the package.| +|Url|URI|CDN location of the packages. URL expiration is based on the estimated time to download the package.| ## ProductArchitectures |Name| |--- | -|neutral| -|arm| +|Neutral| +|Arm| |x86| |x64| 
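Review bot: in PackageContentInfo the changed row `|productPlatforms|Collection of ProductPlatform|` still has no link, while the FrameworkPackageDetails table and the `supportedPlatforms` row link the type as `[ProductPlatform](#productplatform)`. The line is being touched, so add the link here too. In ProductArchitectures, `Neutral` and `Arm` are now capitalised next to the unchanged `x86` and `x64`, and `url` becomes `Url` in PackageLocation; keeping the original lowercase for these names avoids a mixed list.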
@@ -183,14 +182,14 @@ Specifies the properties of the localized product. |Name|Type|Description| |--- |--- |--- | -|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get additional content including product descriptions, offline license, and download URLs.| -|productType|string|Type of product.| -|supportedLanguages|collection of string|The set of localized languages for an application.| -|publisherId|string|Publisher identifier.| -|category|string|Application category.| -|alternateIds|collection of [AlternateIdentifier](#alternateidentifier)|The identifiers that can be used to instantiate the installation of on online application.| -|packageFamilyName|string|| -|supportedPlatforms|collection of [ProductPlatform](#productplatform)|| +|productKey|[ProductKey](#productkey)|Identifier used on subsequent requests to get more content including product descriptions, offline license, and download URLs.| +|productType|String|Type of product.| +|supportedLanguages|Collection of string|The set of localized languages for an application.| +|publisherId|String|Publisher identifier.| +|Category|String|Application category.| +|alternateIds|Collection of [AlternateIdentifier](#alternateidentifier)|The identifiers that can be used to instantiate the installation of on online application.| +|packageFamilyName|String|| +|supportedPlatforms|Collection of [ProductPlatform](#productplatform)|| ## ProductImage 
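Review bot: The `supportedLanguages` row reads "Collection of string" while every other type in this hunk is now `String`, and the `alternateIds` row, which the patch rewrites anyway, still carries the typo "installation of on online application". Suggest "Collection of String" and "installation of an online application".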
@@ -199,13 +198,13 @@ Specifies the properties of the product image. |Name|Type|Description| |--- |--- |--- | -|location|URI|Location of the download image.| -|purpose|string|Tag for the purpose of the image, e.g. "screenshot" or "logo".| -|height|string|Height of the image in pixels.| -|width|string|Width of the image in pixels.| -|caption|string|Unlimited length.| -|backgroundColor|string|Format "#RRGGBB"| -|foregroundColor|string|Format "#RRGGBB"| +|Location|URI|Location of the download image.| +|Purpose|String|Tag for the purpose of the image, for example "screenshot" or "logo".| +|Height|String|Height of the image in pixels.| +|Width|String|Width of the image in pixels.| +|Caption|String|Unlimited length.| +|backgroundColor|String|Format "#RRGGBB"| +|foregroundColor|String|Format "#RRGGBB"| |fileSize|integer-64|Size of the file.| ## ProductKey 
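Review bot: Casing is only half-normalised in the ProductImage table: `string` becomes `String` on seven rows but `fileSize` keeps `integer-64`, and `backgroundColor`, `foregroundColor` and `fileSize` keep their camelCase names next to the newly capitalised `Location`, `Purpose`, `Height`, `Width` and `Caption`. Pick one convention for each column and apply it to every row of the table.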
@@ -214,22 +213,22 @@ Specifies the properties of the product key. |Name|Type|Description| |--- |--- |--- | -|productId|string|Product identifier for an application that is used by the Store for Business.| -|skuId|string|Product identifier that specifies a specific SKU of an application.| +|productId|String|Product identifier for an application that is used by the Store for Business.| +|skuId|String|Product identifier that specifies a specific SKU of an application.| ## ProductPackageDetails |Name|Type|Description| |--- |--- |--- | -|frameworkDependencyPackages|collection of [FrameworkPackageDetails](#frameworkpackagedetails)|| -|packageId|string|| -|contentId|string|Identifies a specific application.| -|location|[PackageLocation](#packagelocation)|| -|packageFullName|string|example,Microsoft.BingTranslator_1.1.10917.2059_x86__8wekyb3d8bbwe| -|packageIdentityName|string|example, Microsoft.BingTranslator| -|architectures|collection of [ProductArchitectures](#productarchitectures)|Values {x86, x64, arm, neutral}| +|frameworkDependencyPackages|Collection of [FrameworkPackageDetails](#frameworkpackagedetails)|| +|packageId|String|| +|contentId|String|Identifies a specific application.| +|Location|[PackageLocation](#packagelocation)|| +|packageFullName|String|Example, Microsoft.BingTranslator_1.1.10917.2059_x86__8wekyb3d8bbwe| +|packageIdentityName|String|Example, Microsoft.BingTranslator| +|Architectures|Collection of [ProductArchitectures](#productarchitectures)|Values {x86, x64, arm, neutral}| |packageFormat|[ProductPackageFormat](#productpackageformat)|Extension of the package file.| -|platforms|collection of [ProductPlatform](#productplatform)|| +|Platforms|Collection of [ProductPlatform](#productplatform)|| |fileSize|integer-64|Size of the file.| |packageRank|integer-32|Optional| 
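Review bot: In the ProductPackageDetails rows for `packageFullName` and `packageIdentityName`, the example values are left as bare text, and `Microsoft.BingTranslator_1.1.10917.2059_x86__8wekyb3d8bbwe` contains single and double underscores that some Markdown renderers treat as emphasis markers. Since both lines are being edited, wrap the two example values in backticks so they render literally and can be copied intact.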
@@ -237,22 +236,22 @@ Specifies the properties of the product key. |Name| |--- | -|appx| +|Appx| |appxBundle| -|xap| +|Xap| ## ProductPackageSet |Name|Type|Description| |--- |--- |--- | -|packageSetId|string|An identifier for the particular combination of application packages.| -|productPackages|collection of [ProductPackageDetails](#productpackagedetails)|A collection of application packages.| +|packageSetId|String|An identifier for the particular combination of application packages.| +|productPackages|Collection of [ProductPackageDetails](#productpackagedetails)|A collection of application packages.| ## ProductPlatform |Name|Type| |--- |--- | -|platformName|string| +|platformName|String| |minVersion|[VersionInfo](#versioninfo)| |maxTestedVersion|[VersionInfo](#versioninfo)| 
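Review bot: In the package-format list at the top of this hunk, `appx` and `xap` are capitalised while `appxBundle` is left alone, and the `packageFormat` row in ProductPackageDetails describes this value as the "Extension of the package file". Values of that kind should be documented in the exact case the service uses, so keep all three entries in one consistent, unmodified form.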
@@ -262,54 +261,54 @@ Specifies the properties of the publisher details. |Name|Type|Description| |--- |--- |--- | -|publisherName|string|Name of the publisher.| -|publisherWebsite|string|Website of the publisher.| +|publisherName|String|Name of the publisher.| +|publisherWebsite|String|Website of the publisher.| ## SeatAction |Name| |--- | -|assign| -|reclaim| +|Assign| +|Reclaim| ## SeatDetails |Name|Type|Description| |--- |--- |--- | -|assignedTo|string|Format = UPN (user@domain)| -|dateAssigned|datetime|| -|state|[SeatState](#seatstate)|| +|assignedTo|String|Format = UPN (user@domain)| +|dateAssigned|Datetime|| +|State|[SeatState](#seatstate)|| |productKey|[ProductKey](#productkey)|| ## SeatDetailsResultSet |Name|Type| |--- |--- | -|seats|collection of [SeatDetails](#seatdetails)| -|continuationToken|string| +|Seats|Collection of [SeatDetails](#seatdetails)| +|continuationToken|String| ## SeatState |Name| |--- | -|active| -|revoked| +|Active| +|Revoked| ## SupportedProductPlatform |Name|Type| |--- |--- | -|platformName|string| +|platformName|String| |minVersion|[VersionInfo](#versioninfo)| |maxTestedVersion|[VersionInfo](#versioninfo)| -|architectures|collection of [ProductArchitectures](#productarchitectures)| +|Architectures|Collection of [ProductArchitectures](#productarchitectures)| ## VersionInfo |Name|Type| |--- |--- | -|major|integer-32| -|minor|integer-32| -|build|integer-32| -|revision|integer-32| +|Major|integer-32| +|Minor|integer-32| +|Build|integer-32| +|Revision|integer-32| diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index f5132cb038..fd9d3891b3 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md 
@@ -158,48 +158,16 @@ Supported operations are Get, Add, and Replace. **/Download/*ProductID*/Status** Required. The integer value that indicates the status of the current download process. The following table shows the possible values. - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    0: CONFIRM

    Waiting for confirmation from user.

    1: QUEUED

    Waiting for download to start.

    2: DOWNLOADING

    In the process of downloading.

    3: DOWNLOADED

    Waiting for installation to start.

    4: INSTALLING

    Handed off for installation.

    5: INSTALLED

    Successfully installed

    6: FAILED

    Application was rejected (not signed properly, bad XAP format, not enrolled properly, etc.)

    7:DOWNLOAD_FAILED

    Unable to connect to server, file doesn't exist, etc.

    - - +|Value|Description| +|--- |--- | +|0: CONFIRM|Waiting for confirmation from user.| +|1: QUEUED|Waiting for download to start.| +|2: DOWNLOADING|In the process of downloading.| +|3: DOWNLOADED|Waiting for installation to start.| +|4: INSTALLING|Handed off for installation.| +|5: INSTALLED|Successfully installed| +|6: FAILED|Application was rejected (not signed properly, bad XAP format, not enrolled properly, etc.)| +|7:DOWNLOAD_FAILED|Unable to connect to server, file doesn't exist, etc.| Scope is dynamic. Supported operations are Get, Add, and Replace. From f62961cc8cb93cc4bc924a23163748b07ddf64af Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 10:45:09 -0500 Subject: [PATCH 28/79] Removed table and put text in bullets --- ...ppv-using-the-client-management-console.md | 29 +++++++++++++++---- 1 file changed, 23 insertions(+), 6 deletions(-) diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md index a21128f036..47b3877b5c 100644 --- a/windows/application-management/app-v/appv-using-the-client-management-console.md +++ b/windows/application-management/app-v/appv-using-the-client-management-console.md @@ -42,13 +42,30 @@ You can obtain information about the App-V client or perform specific tasks by u The client management console contains the following described main tabs. -|Tab|Description| -|--- |--- | -|Overview|The **Overview** tab contains the following elements:
  • Update – Use the Update tile to refresh a virtualized application or to receive a new virtualized package.
  • The **Last Refresh** displays the current version of the virtualized package.
  • Download all virtual applications – Use the Download tile to download all of the packages provisioned to the current user.
    (Associated Windows PowerShell cmdlet: **Mount-AppvClientPackage**)
  • Work Offline – Use this tile to disallow all automatic and manual virtual application updates.
    (Associated Windows PowerShell cmdlet: **-AppvPublishServer –UserRefreshEnabled –GlobalRefreshEnabled**)| -|Virtual Apps|The **VIRTUAL APPS** tab displays all of the packages that have been published to the user. You can also click a specific package and see all of the applications that are part of that package. This displays information about packages that are currently in use and how much of each package has been downloaded to the computer. You can also start and stop package downloads. Additionally, you can repair the user state. A repair will delete all user data that is associated with a package.| -|App Connection Groups|The **APP CONNECTION GROUPS** tab displays all of the connection groups that are available to the current user. Click a specific connection group to see all of the packages that are part of the selected group. This displays information about connection groups that are already in use and how much of the connection group contents have been downloaded to the computer. Additionally, you can start and stop connection group downloads. You can use this section to initiate a repair. A repair will remove all of the user state that is associated a connection group.
    (Associated Windows PowerShell cmdlets: Download - **Mount-AppvClientConnectionGroup**. Repair - **AppvClientConnectionGroup**.)| +- **Overview**: The **Overview** tab contains the following elements: -
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + - **Update**: Refreshes a virtualized application or to receive a new virtualized package. + - **Last Refresh**: Displays the current version of the virtualized package. + - **Download all virtual applications**: Use the Download tile to download all of the packages provisioned to the current user. + + Associated Windows PowerShell cmdlet: `Mount-AppvClientPackage` + + - **Work Offline**: Disallows all automatic and manual virtual application updates. + + Associated Windows PowerShell cmdlet: `-AppvPublishServer –UserRefreshEnabled –GlobalRefreshEnabled` + +- **VIRTUAL APPS**: Displays all of the packages that have been published to the user. + + You can also click a specific package and see all of the applications that are part of that package. This option displays information about packages that are currently in use and how much of each package has been downloaded to the computer. You can also start and stop package downloads, and repair the user state. A repair will delete all user data that is associated with a package. + +- **APP CONNECTION GROUPS**: Displays all of the connection groups that are available to the current user. Click a specific connection group to see all of the packages that are part of the selected group. This displays information about connection groups that are already in use and how much of the connection group contents have been downloaded to the computer. Additionally, you can start and stop connection group downloads. You can use this section to initiate a repair. A repair will remove all of the user state that is associated a connection group. + + Associated Windows PowerShell cmdlets: + + - Download: `Mount-AppvClientConnectionGroup` + - Repair: `AppvClientConnectionGroup` + +For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). ## Related topics 
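Review bot: The new bullets put `-AppvPublishServer –UserRefreshEnabled –GlobalRefreshEnabled` and `AppvClientConnectionGroup` in code formatting, but neither is a complete cmdlet name (both lack the verb) and the first still has en dashes in front of `UserRefreshEnabled` and `GlobalRefreshEnabled`, so text copied from the page will not run. Supply the full cmdlet names and plain hyphens now that these are presented as code. Two wording slips in the same hunk: "Refreshes a virtualized application or to receive a new virtualized package" and "associated a connection group" (missing "with").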
From f223c11aa452095ce1c6b4fadbf1b0c08a40e972 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 11:02:42 -0500 Subject: [PATCH 29/79] Removed text from table, and put in bullets Also removed HTML tags and put text in code blocks --- ...plications-inside-a-virtual-environment.md | 54 +++++++++---------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md index 6dba0901d2..02c25af40d 100644 --- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md +++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md @@ -54,21 +54,35 @@ Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages glo 1. Using the information in the following table, create a new registry key using the name of the executable file, for example, **MyApp.exe**. - |Package publishing method|Where to create the registry key| - |--- |--- | - |Published globally|HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual
    **Example:**
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe| - |Published to the user|HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual
    **Example:**
    HKEY_CURRENT_USER \SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe| - |Connection group can contain:
  • Packages that are published just globally or just to the user
  • Packages that are published globally and to the user|Either HKEY_LOCAL_MACHINE or HKEY_CURRENT_USER key, but all of the following must be true:
  • If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group.
  • Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment.
  • The key under which you create the subkey must match the publishing method you used for the package.
  • For example, if you published the package to the user, you must create the subkey underHKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual. Do not add a key for the same application under both hives.| + - **Published globally**: Create the `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual` registry key. + + For example, create `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe`. + + - **Published to the user**: Create the `HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual` registry key. + + For example, create `HKEY_CURRENT_USER \SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe`. + + - Connection group can be: + - Packages that are published just globally or just to the user + - Packages that are published globally and to the user + + Use the `HKEY_LOCAL_MACHINE` or `HKEY_CURRENT_USER` key. But, all of the following must be true: + + - If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group. + - Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment. + - The key under which you create the subkey must match the publishing method you used for the package. + + For example, if you published the package to the user, you must create the subkey under `HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual`. Do not add a key for the same application under both hives. 2. Set the new registry subkey’s value to the PackageId and VersionId of the package, separating the values with an underscore. 
- **Syntax**: <PackageId>\_<VersionId> + **Syntax**: `_` **Example**: 4c909996-afc9-4352-b606-0b74542a09c1\_be463724-Oct1-48f1-8604-c4bd7ca92fa The application in the previous example would produce a registry export file (.reg file) like the following: - ``` syntax + ```registry Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\RunVirtual] @="" @@ -81,24 +95,24 @@ Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages glo You can use the **Start-AppVVirtualProcess** cmdlet to retrieve the package name and then start a process within the specified package's virtual environment. This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. -Use the following example syntax, and substitute the name of your package for **<Package>**: +Use the following example syntax, and substitute the name of your package for ``: `$AppVName = Get-AppvClientPackage ` `Start-AppvVirtualProcess -AppvClientObject $AppVName cmd.exe` -If you don’t know the exact name of your package, you can use the command line Get-AppvClientPackage \*executable\*, where **executable** is the name of the application, for example:
    Get-AppvClientPackage \*Word\* +If you don’t know the exact name of your package, you can use the command line `Get-AppvClientPackage YourExecutable`, where `YourExecutable` is the name of the application. For example, enter `Get-AppvClientPackage Word`. -## Command line switch /appvpid:<PID> +## Command line switch `/appvpid:` -You can apply the **/appvpid:<PID>** switch to any command, which enables that command to run within a virtual process that you select by specifying its process ID (PID). Using this method launches the new executable in the same App-V environment as an executable that is already running. +You can apply the `/appvpid:` switch to any command, which enables that command to run within a virtual process that you select by specifying its process ID (PID). Using this method launches the new executable in the same App-V environment as an executable that is already running. Example: `cmd.exe /appvpid:8108` To find the process ID (PID) of your App-V process, run the command **tasklist.exe** from an elevated command prompt. -## Command line hook switch /appvve:<GUID> +## Command line hook switch `/appvve:` This switch lets you run a local command within the virtual environment of an App-V package. Unlike the **/appvid** switch, where the virtual environment must already be running, this switch enables you to start the virtual environment. @@ -117,25 +131,11 @@ To get the package GUID and version GUID of your application, run the **Get-Appv - Version ID of the desired package -If you don’t know the exact name of your package, use the command line Get-AppvClientPackage \*executable\*, where **executable** is the name of the application, for example:
    Get-AppvClientPackage \*Word\* +If you don’t know the exact name of your package, use the command line `Get-AppvClientPackage YourExecutable`, where `YourExecutable` is the name of the application. For example, enter `Get-AppvClientPackage Word`. This method lets you launch any command within the context of an App-V package, regardless of whether the package is currently running. - - - -
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). - ## Related topics [Technical Reference for App-V](appv-technical-reference.md) - -  - -  - - - - - From a71d36e78a05b967bc6cbb46487148d23bf40101 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Nov 2021 08:46:33 -0800 Subject: [PATCH 30/79] Update submission-guide.md --- .../threat-protection/intelligence/submission-guide.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/intelligence/submission-guide.md b/windows/security/threat-protection/intelligence/submission-guide.md index 44bcc3e46e..4033a6633b 100644 --- a/windows/security/threat-protection/intelligence/submission-guide.md +++ b/windows/security/threat-protection/intelligence/submission-guide.md @@ -23,7 +23,7 @@ If you have a file that you suspect might be malware or is being incorrectly det ## How do I send a malware file to Microsoft? -You can send us files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/wdsi/filesubmission). +You can send us files that you think might be malware or files that have been incorrectly detected through the [sample submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission). We receive a large number of samples from many sources. Our analysis is prioritized by the number of file detections and the type of submission. You can help us complete a quick analysis by providing detailed information about the product you were using and what you were doing when you found the file. 
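Review bot: In appv-running-locally-installed-applications-inside-a-virtual-environment.md (PATCH 29/79), both rewritten lookup lines drop the wildcards: `Get-AppvClientPackage \*Word\*` becomes `Get-AppvClientPackage Word`. The sentence covers the case where the exact package name is not known, and without the asterisks the command asks for a package named exactly `Word`; inside backticks the pattern can be written as `*Word*` with no backslash escapes. Also in that patch, the new user-hive example `HKEY_CURRENT_USER \SOFTWARE\Microsoft\AppV\Client\RunVirtual\MyApp.exe` keeps a stray space after `HKEY_CURRENT_USER`, which matters now that the path is code-formatted.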
@@ -31,7 +31,7 @@ After you sign in, you will be able to track your submissions. ## Can I send a sample by email? -No, we only accept submissions through our [sample submission portal](https://www.microsoft.com/wdsi/filesubmission). +No, we only accept submissions through our [sample submission portal](https://www.microsoft.com/en-us/wdsi/filesubmission). ## Can I submit a sample without signing in? @@ -43,7 +43,7 @@ The [Software Assurance ID (SAID)](https://www.microsoft.com/licensing/licensing ### How do I dispute the detection of my program? -[Submit the file](https://www.microsoft.com/wdsi/filesubmission) in question as a software developer. Wait until your submission has a final determination. +[Submit the file](https://www.microsoft.com/en-us/wdsi/filesubmission) in question as a software developer. Wait until your submission has a final determination. If you’re not satisfied with our determination of the submission, use the developer contact form provided with the submission results to reach Microsoft. We will use the information you provide to investigate further if necessary. @@ -51,7 +51,7 @@ We encourage all software vendors and developers to read about [how Microsoft id ## How do I track or view past sample submissions? -You can track your submissions through the [submission history page](https://www.microsoft.com/wdsi/submissionhistory). +You can track your submissions through the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory). ## What does the submission status mean? 
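Review bot: Every link rewritten in submission-guide.md now hard-codes the `en-us` locale (`https://www.microsoft.com/en-us/wdsi/filesubmission`, `https://www.microsoft.com/en-us/wdsi/submissionhistory`), where the previous locale-neutral URLs left language selection to the site. The commit message gives no reason for the change; unless the neutral URLs stopped resolving, keep them so readers in other locales are not sent to the English portal.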
@@ -63,7 +63,7 @@ Each submission is shown to be in one of the following status types: * Closed—a final determination has been given by an analyst -You can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/wdsi/submissionhistory). +You can see the status of any files you submit to us on the [submission history page](https://www.microsoft.com/en-us/wdsi/submissionhistory). ## How does Microsoft prioritize submissions From d2369518496d5763effd2446453db0d0f50bdc72 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Wed, 10 Nov 2021 09:11:58 -0800 Subject: [PATCH 31/79] Update advanced-security-auditing-faq.yml --- .../auditing/advanced-security-auditing-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 73605a664a..8fc368965e 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -15,7 +15,7 @@ metadata: audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual - ms.date: 09/06/2021 + ms.date: 11/10/2021 ms.technology: mde title: Advanced security auditing FAQ From 30cb6695254bf9900c3d642c73dbbe379a8a7502 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 12:14:38 -0500 Subject: [PATCH 32/79] Moved content from tables into bullets --- .../app-v/appv-performance-guidance.md | 155 ++++++++++++++---- 1 file changed, 119 insertions(+), 36 deletions(-) diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index 0f85aca3ee..9465ab32da 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md 
+++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -35,8 +35,8 @@ You should read and understand the following information before reading this doc - [App-V Sequencing Guide](https://www.microsoft.com/download/details.aspx?id=27760) -**Note**   -Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk * review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. +> [!Note] +> Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk `*`, review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. Finally, this document will provide you with the information to configure the computer running App-V client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI). @@ -91,27 +91,78 @@ Use the information in the following section for more information: As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both. -|Optimized for Performance|Optimized for Storage| -|--- |--- | -|To provide the most optimal user experience, this approach uses the capabilities of a UPM solution and requires extra image preparation and can incur some more image management overhead.

    The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) later in this topic.|The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

    The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) section of this document.| +- **Performance**: To provide the most optimal user experience, this approach uses the capabilities of a UPM solution and requires extra image preparation and can incur some more image management overhead. + + The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) (in this article). + +- **Storage**: The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image. + + The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) (in this article). ### Preparing your Environment -The following table displays the required steps to prepare the base image and the UE-V or another UPM solution for the approach. +The following information displays the required steps to prepare the base image and the UE-V or another UPM solution for the approach. -**Prepare the Base Image** +#### Prepare the Base Image -|Optimized for Performance|Optimized for Storage| -|--- |--- | -|
  • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
  • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
  • Configure for Shared Content Store (SCS) mode. For more information, see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).
  • Configure Preserve User Integrations on Login Registry DWORD.
  • Pre-configure all user- and global-targeted packages, for example, **Add-AppvClientPackage**.
  • Pre-configure all user- and global-targeted connection groups, for example, **Add-AppvClientConnectionGroup**.
  • Pre-publish all global-targeted packages.
    Alternatively,
  • Perform a global publishing/refresh.
  • Perform a user publishing/refresh.
  • Unpublish all user-targeted packages.
  • Delete the following user-Virtual File System (VFS) entries
    AppData\Local\Microsoft\AppV\Client\VFS
    AppData\Roaming\Microsoft\AppV\Client\VFS|
  • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).
  • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.
  • Configure for Shared Content Store (SCS) mode. For more information, see Deploying the
  • App-V Sequencer and Configuring the Client.
  • Configure Preserve User Integrations on Login Registry DWORD.
  • Pre-configure all global-targeted packages, for example,** Add-AppvClientPackage**.
  • Pre-configure all global-targeted connection groups, for example, **Add-AppvClientConnectionGroup**.
  • Pre-publish all global-targeted packages.| +- **Performance**: -**Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information: + - Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md). + - Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps. + - Configure for Shared Content Store (SCS) mode. For more information, see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md). + - Configure Preserve User Integrations on Login Registry DWORD. + - Pre-configure all user and global-targeted packages, for example, **Add-AppvClientPackage**. + - Pre-configure all user- and global-targeted connection groups, for example, **Add-AppvClientConnectionGroup**. + - Pre-publish all global-targeted packages. Or: + - Perform a global publishing/refresh. + - Perform a user publishing/refresh. + - Unpublish all user-targeted packages. + - Delete the following user-Virtual File System (VFS) entries: -|Configuration Setting|What does this do?|How should I use it?| -|--- |--- |--- | -|Shared Content Store (SCS) Mode
  • Configurable in Windows PowerShell with Set-AppvClientConfiguration -SharedContentStoreMode 1
    Or configurable with Group Policy, as described in [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).|When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).
    This helps to conserve local storage and minimize disk I/O per second (IOPS).|This is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.| -|PreserveUserIntegrationsOnLogin
  • Configure in the Registry under **HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Integration**.
  • Create the DWORD value **PreserveUserIntegrationsOnLogin** with a value of 1.
  • Restart the App-V client service or restart the computer running the App-V Client.|If you have not pre-configured (**Add-AppvClientPackage**) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then reintegrate*.
    For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.|If you don’t plan to pre-configure every available user package in the base image, use this setting.| -|MaxConcurrentPublishingRefresh
  • Configure in the Registry under **HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Publishing**.
  • Create the DWORD value **MaxConcurrentPublishingrefresh** with the desired maximum number of concurrent publishing refreshes.
  • The App-V client service and computer do not need to be restarted.|This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.|Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.
    If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time.| + - `AppData\Local\Microsoft\AppV\Client\VFS` + - `AppData\Roaming\Microsoft\AppV\Client\VFS` + +- **Storage**: + + - Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md). + - Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps. + - Configure for Shared Content Store (SCS) mode. For more information, see [Deploying the + App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md). + - Configure Preserve User Integrations on Login Registry DWORD. + - Pre-configure all global-targeted packages, for example, **Add-AppvClientPackage**. + - Pre-configure all global-targeted connection groups, for example, **Add-AppvClientConnectionGroup**. + - Pre-publish all global-targeted packages. + +#### Configurations + +For critical App-V Client configurations and for a little more context and how-to, review the following configuration settings: + +- **Shared Content Store (SCS) Mode**: When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM). This helps to conserve local storage and minimize disk I/O per second (IOPS). + + This setting is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN. + + - Configurable in Windows PowerShell: `Set-AppvClientConfiguration -SharedContentStoreMode 1` + - Configurable with Group Policy: See [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md). 
+ +- **PreserveUserIntegrationsOnLogin**: If you have not pre-configured (**Add-AppvClientPackage**) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then reintegrate*. + + For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh. + + If you don’t plan to pre-configure every available user package in the base image, use this setting. + + - Configure in the Registry under `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Integration`. + - Create the DWORD value **PreserveUserIntegrationsOnLogin** with a value of 1. + - Restart the App-V client service or restart the computer running the App-V Client. + +- **MaxConcurrentPublishingRefresh**: This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit. + + Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync. + + If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time. + + - Configure in the Registry under `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Publishing`. + - Create the DWORD value **MaxConcurrentPublishingrefresh** with the desired maximum number of concurrent publishing refreshes. + - The App-V client service and computer do not need to be restarted. ### Configure UE-V solution for App-V Approach 
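Review bot: the new MaxConcurrentPublishingRefresh bullet spells the setting two ways: the bold lead-in uses `MaxConcurrentPublishingRefresh`, while the step under it says to create the DWORD value `MaxConcurrentPublishingrefresh`. These lines are being rewritten anyway, so use one spelling throughout. In the same hunk, the Performance list has "user and global-targeted packages" on one line and "user- and global-targeted connection groups" on the next. The asterisks on `de-integrate*` and `reintegrate*` also have no footnote in this hunk to point to.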
@@ -125,8 +176,8 @@ For more information, see: In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](https://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows client overview](/windows/configuration/ue-v/uev-for-windows). -**Note**   -Without performing an additional configuration step, User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. +> [!Note] +> Without performing an additional configuration step, User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following two scenarios, because the net result will be that the shortcut will be valid on one but not all devices. 
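Review bot: the rewritten note expands UE-V as "User Environment Virtualization", but the context line just above it links to the "Microsoft User Experience Virtualization (UE-V) template gallery". The note should use the same expansion. The alert is also written `> [!Note]` here, while other files in this series use `> [!NOTE]`; use the upper-case form for consistency.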
@@ -134,12 +185,10 @@ UE-V will only support removing the .lnk file type from the exclusion list in th - If a user has an application installed on one device but not another with .lnk files enabled. -**Important**   -This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. +> [!Important] +> This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. - - -Using the Microsoft Registry Editor (regedit.exe), navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **UEV** \\ **Agent** \\ **Configuration** \\ **ExcludedFileTypes** and remove **.lnk** from the excluded file types. +Using the Microsoft Registry Editor (regedit.exe), navigate to `HKEY\_LOCAL\_MACHINE\Software\Microsoft\UEV\Agent\Configuration\ExcludedFileTypes` and remove `.lnk` from the excluded file types. ## Configure other User Profile Management (UPM) solutions for App-V Approach 
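Review bot: the registry path on the last added line is now inside a code span but still carries the Markdown escapes (`HKEY\_LOCAL\_MACHINE\...`), so the backslashes before the underscores will render literally. Drop them so the path reads `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration\ExcludedFileTypes`, matching the unescaped `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\...` paths added earlier in this patch.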
@@ -155,12 +204,11 @@ To enable an optimized login experience, for example the App-V approach for the - Attaching and detaching a user profile disk (UPD) or similar technology that contains the user integrations. - **Note**   - App-V is supported when using UPD only when the entire profile is stored on the user profile disk. - - App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver does not handle UPD selected folders. - - + > [!Note] + > + > App-V is supported when using UPD only when the entire profile is stored on the user profile disk. + > + > App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver does not handle UPD selected folders. - Capturing changes to the locations, which constitute the user integrations, prior to session logoff. @@ -202,15 +250,50 @@ Registry – HKEY\_CURRENT\_USER This following is a step-by-step walk-through of the App-V and UPM operations and the expectations users should expect. -|Optimized for Performance|Optimized for Storage| -|--- |--- | -|After implementing this approach in the VDI/RDSH environment, on first login,
  • (Operation) A user-publishing/refresh is initiated. (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh.
  • (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
  • (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.

    On subsequent logins:
  • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
  • (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away.
  • (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements.
  • (Expectation) If there are no entitlement changes, publishing1 will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity* of virtual applications
  • (Operation) UPM solution will capture user integrations again at logoff. (Expectation) Same as previous.

    ¹ The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.|After implementing this approach in the VDI/RDSH environment, on first login
  • (Operation) A user-publishing/refresh is initiated. (Expectation)
    • If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh.
    • First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).
  • (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
  • (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.

    On subsequent logins:
  • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.
  • (Operation) Add/refresh must pre-configure all user targeted applications.
    • (Expectation) This may increase the time to application availability significantly (on the order of 10’s of seconds).
    • This will increase the publishing refresh time relative to the number and complexity* of virtual applications.
  • (Operation) Publishing/refresh will process un-publish and publish operations for changes to user package entitlements.| +- **Performance**: After implementing this approach in the VDI/RDSH environment, on first login, + - (Operation) A user-publishing/refresh is initiated. (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh. + - (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
  • (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state. + + **On subsequent logins**: -|Outcome|Outcome| -|--- |--- | -|Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of login.

    The publishing/refresh will process changes to the users entitled virtual applications which impacts the experience.|Because the add/refresh must re-configure all the virtual applications to the VM, the publishing refresh time on every login will be extended.| + - (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh. + (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away. + - (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements. + + (Expectation) If there are no entitlement changes, publishing1 will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity* of virtual applications + + - (Operation) UPM solution will capture user integrations again at logoff. (Expectation) Same as previous. + + ¹ The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. + + **Outcome**: + + - Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of login. + - The publishing/refresh will process changes to the users entitled virtual applications which impacts the experience. + +- **Storage**: After implementing this approach in the VDI/RDSH environment, on first login + + - (Operation) A user-publishing/refresh is initiated. (Expectation) + - If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh. + - First and subsequent logins will be impacted by pre-configuring of packages (add/refresh). 
+ + - (Operation) After the publishing/refresh, the UPM solution captures the user integrations. + + (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state. + + **On subsequent logins**: + + - (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh. + - (Operation) Add/refresh must pre-configure all user targeted applications. + - (Expectation) This may increase the time to application availability significantly (on the order of 10’s of seconds). + - This will increase the publishing refresh time relative to the number and complexity* of virtual applications. + + - (Operation) Publishing/refresh will process un-publish and publish operations for changes to user package entitlements. + + **Outcome**: Because the add/refresh must re-configure all the virtual applications to the VM, the publishing refresh time on every login will be extended. + ### Impact to Package Life Cycle Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (un-published) virtual application packages, it is recommended you update the base image to reflect these changes. To understand why review the following section: @@ -418,4 +501,4 @@ The following terms are used when describing concepts and actions related to App ## Related topics -[Application Virtualization (App-V) overview](appv-for-windows.md) \ No newline at end of file +[Application Virtualization (App-V) overview](appv-for-windows.md) From f554f4063bf96ee5487821d140966b28a12d7d9c Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 12:24:29 -0500 Subject: [PATCH 33/79] Fixed numbering --- windows/client-management/mdm/applocker-csp.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) 
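Review bot: in the hunk at @@ -202,15 +250,50 @@ the footnote reference is written "publishing1 will complete in seconds" while the footnote itself starts with "¹", so the marker reads as part of the word. Write it as "publishing¹". Under **Performance**, "On subsequent logins", the first "(Expectation)" line follows its "(Operation)" bullet with no blank line, whereas the next bullet separates the two with a blank line, so the pairs will render differently. The **Outcome** is also a bulleted list for Performance but a single inline sentence for Storage; pick one form.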
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md index 2de0a4123d..47fa84cd93 100644 --- a/windows/client-management/mdm/applocker-csp.md +++ b/windows/client-management/mdm/applocker-csp.md @@ -258,19 +258,19 @@ Data type is string. Supported operations are Get, Add, Delete, and Replace. -6. On your phone under **Device discovery**, tap **Pair**. You will get a code (case sensitive). -7. On the browser on the **Set up access page**, enter the code (case sensitive) into the text box and click **Submit**. +1. On your phone under **Device discovery**, tap **Pair**. You will get a code (case sensitive). +2. On the browser on the **Set up access page**, enter the code (case sensitive) into the text box and click **Submit**. The **Device Portal** page opens on your browser. ![device portal screenshot.](images/applocker-screenshot1.png) -8. On the desktop **Device Portal** page, click **Apps** to open the **App Manager**. -9. On the **App Manager** page under **Running apps**, you will see the **Publisher** and **PackageFullName** of apps. +3. On the desktop **Device Portal** page, click **Apps** to open the **App Manager**. +4. On the **App Manager** page under **Running apps**, you will see the **Publisher** and **PackageFullName** of apps. ![device portal app manager.](images/applocker-screenshot3.png) -10. If you do not see the app that you want, look under **Installed apps**. Using the drop- down menu, click on the application and you get the Version, Publisher, and PackageFullName displayed. +5. If you do not see the app that you want, look under **Installed apps**. Using the drop- down menu, click on the application and you get the Version, Publisher, and PackageFullName displayed. ![app manager.](images/applocker-screenshot2.png) 
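Review bot: step 5 (formerly 10) still reads "drop- down menu" with a stray space; since the line is being touched, fix it to "drop-down". The renumbering also restarts the list at 1, yet the first step ("On your phone under **Device discovery**, tap **Pair**") reads as a continuation of an earlier procedure. Please confirm the preceding steps are not part of the same list, and say in the commit message why the numbering changed.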
@@ -278,7 +278,7 @@ The following table shows the mapping of information to the AppLocker publisher |Device portal data|AppLocker publisher rule field| |--- |--- | -|PackageFullName|ProductName
    The product name is first part of the PackageFullName followed by the version number. In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.| +|PackageFullName|ProductName

    The product name is first part of the PackageFullName followed by the version number. In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.| |Publisher|Publisher| |Version|Version

    This can be used either in the HighSection or LowSection of the BinaryVersionRange.

    HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. You can use a wildcard for both versions to make a version- independent rule. Using a wildcard for one of the values will provide higher than or lower than a specific version semantics.| @@ -1461,4 +1461,4 @@ In this example, Contoso is the node name. We recommend using a GUID for this no ## Related topics -[Configuration service provider reference](configuration-service-provider-reference.md) \ No newline at end of file +[Configuration service provider reference](configuration-service-provider-reference.md) From 447f1bcd8929bda76a03fe696be8be1c1511ac91 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 12:32:43 -0500 Subject: [PATCH 34/79] Put sample URLs in code tags --- .../mdm/azure-active-directory-integration-with-mdm.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 1ac0f3ab4d..ccbc13402c 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -135,7 +135,7 @@ Use the following steps to register a cloud-based MDM application with Azure AD. 8. Enter the login URL for your MDM service. -9. For the App ID, enter **https://<your\_tenant\_name>/ContosoMDM**, then select OK. +9. For the App ID, enter `https:///ContosoMDM`, then select OK. 10. While still in the Azure portal, select the **Configure** tab of your application. 
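Review bot: step 9 as added reads `https:///ContosoMDM`: the angle-bracketed your_tenant_name placeholder from the removed line is gone, leaving an empty host in the sample App ID. Keep the placeholder inside the code span, where it no longer needs the backslash escapes before the underscores.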
@@ -235,7 +235,7 @@ The Terms of Use endpoint is hosted by the MDM server. During the Azure AD Join ### Redirect to the Terms of Use endpoint -This redirect is a full page redirect to the Terms of User endpoint hosted by the MDM. Here's an example URL, https://fabrikam.contosomdm.com/TermsOfUse. +This redirect is a full page redirect to the Terms of User endpoint hosted by the MDM. Here's an example URL, `https://fabrikam.contosomdm.com/TermsOfUse`. The following parameters are passed in the query string: @@ -260,7 +260,7 @@ The following claims are expected in the access token passed by Windows to the T |Object ID|Identifier of the user object corresponding to the authenticated user.| |UPN|A claim containing the user principal name (UPN) of the authenticated user.| |TID|A claim representing the tenant ID of the tenant. In the example above, it's Fabrikam.| -|Resource|A sanitized URL representing the MDM application. Example,
    [https://fabrikam.contosomdm.com](https://fabrikam.contosomdm.com).| +|Resource|A sanitized URL representing the MDM application. Example: `https://fabrikam.contosomdm.com` | > [!NOTE] From aacc66032a162161ee5688016a3a3eacc343c13a Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 12:54:07 -0500 Subject: [PATCH 35/79] Removed extra --- .../mdm/configuration-service-provider-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md index 504e6ed823..8c85cf952f 100644 --- a/windows/client-management/mdm/configuration-service-provider-reference.md +++ b/windows/client-management/mdm/configuration-service-provider-reference.md @@ -1288,7 +1288,7 @@ The following list shows the CSPs supported in HoloLens devices: - [Policy CSP](policy-configuration-service-provider.md) - [Provisioning CSP (Provisioning only)](provisioning-csp.md) - [Reboot CSP](reboot-csp.md) -- [RemoteWipe CSP](remotewipe-csp.md)5 +- [RemoteWipe CSP](remotewipe-csp.md) - [RootCATrustedCertificates CSP](rootcacertificates-csp.md) - [UnifiedWriteFilter CSP](unifiedwritefilter-csp.md) - [Update CSP](update-csp.md) From e5b19b31f69a7c0f0572014e928769dc45586b87 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 13:19:36 -0500 Subject: [PATCH 36/79] Removed text from table into bullets --- .../mdm/device-update-management.md | 29 +++++++++++++++---- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md index 2586da6859..b1d7b62247 100644 --- a/windows/client-management/mdm/device-update-management.md +++ b/windows/client-management/mdm/device-update-management.md 
@@ -356,11 +356,30 @@ If the **Specify intranet Microsoft update service location** policy is enabled, If the **Allow Telemetry** policy is enabled and the Options value is set to 0, then the **Defer upgrades by**, **Defer updates by** and **Pause Updates and Upgrades** settings have no effect. -|Update category|Maximum deferral|Deferral increment|Update type/notes| -|--- |--- |--- |--- | -|OS upgrade|8 months|1 month|Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5| -|Update|1 month|1 week|
    **Note:**
    If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
  • Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441
  • Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4
  • Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F
  • Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828
  • Tools - B4832BD8-E735-4761-8DAF-37F882276DAB
  • Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F
  • Update -
  • CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83
  • Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0| -|Other/cannot defer|No deferral|No deferral|Any update category not enumerated above falls into this category.

    Definition Update - E0789628-CE08-4437-BE74-2495B842F43B| +- **Update category**: OS upgrade + - **Maximum deferral**: 8 months + - **Deferral increment**: 1 month + - **Update type/notes**: Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5 + +- **Update category**: Update + - **Maximum deferral**: 1 month + - **Deferral increment**: 1 week + - **Update type/notes**: If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic. + + - Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441 + - Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4 + - Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F + - Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828 + - Tools - B4832BD8-E735-4761-8DAF-37F882276DAB + - Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F + - Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83 + - Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0 + +- **Update category**: Other/cannot defer + - **Maximum deferral**: No deferral + - **Deferral increment**: No deferral + - **Update type/notes**: Any update category not enumerated above falls into this category. + - Definition Update - E0789628-CE08-4437-BE74-2495B842F43B **Update/DeferUpgradePeriod** > [!NOTE] From 9089f3afd59c73a6b527d0590f4f7dfbee109bdc Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 13:30:40 -0500 Subject: [PATCH 37/79] Added
    tags to table --- windows/client-management/mdm/get-product-package.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md index 7c5c2e077b..d08a8b434a 100644 --- a/windows/client-management/mdm/get-product-package.md +++ b/windows/client-management/mdm/get-product-package.md @@ -36,9 +36,7 @@ The following parameters may be specified in the request URI. |Error code|Description|Retry|Data field|Details| |--- |--- |--- |--- |--- | -|400|Invalid parameters|No|Parameter name -Reason: Invalid parameter -Details: String|Can be productId, skuId, or packageId| +|400|Invalid parameters|No|Parameter name

    Reason: Invalid parameter

    Details: String|Can be productId, skuId, or packageId| |404|Not found|||Item type: Product/SKU| |409|Conflict||Reason: Not owned|| From 1954e1ff6e2d0cb001bd0bbf7419c9a9fe28e630 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 13:32:10 -0500 Subject: [PATCH 38/79] Added
    tags to table --- windows/client-management/mdm/get-product-packages.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md index 9c3e90586c..6dede5eb3e 100644 --- a/windows/client-management/mdm/get-product-packages.md +++ b/windows/client-management/mdm/get-product-packages.md @@ -36,9 +36,7 @@ The following parameters may be specified in the request URI. |Error code|Description|Retry|Data field| |--- |--- |--- |--- | -|400|Invalid parameters|No|Parameter name -Reason: Missing parameter or invalid parameter -Details: String| +|400|Invalid parameters|No|Parameter name

    Reason: Missing parameter or invalid parameter

    Details: String| |404|Not found||| |409|Conflict||Reason: Not owned| From bbb4270b46108837b52d8b5321684935a1c32d95 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 13:34:38 -0500 Subject: [PATCH 39/79] Added
    tags to table --- windows/client-management/mdm/get-seat.md | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md index 82f7c29f61..10a3f3ea3b 100644 --- a/windows/client-management/mdm/get-seat.md +++ b/windows/client-management/mdm/get-seat.md @@ -43,11 +43,8 @@ The response body contains [SeatDetails](data-structures-windows-store-for-busin |Error code|Description|Retry|Data field|Details| |--- |--- |--- |--- |--- | -|400|Invalid parameters|No|Parameter name -Reason: Missing parameter or invalid parameter -Details: String|Invalid can include productId, skuId or username| -|404|Not found|||ItemType: Inventory, User, Seat -Values: ProductId/SkuId, UserName, ProductId/SkuId/Username| +|400|Invalid parameters|No|Parameter name

    Reason: Missing parameter or invalid parameter

    Details: String|Invalid can include productId, skuId or username| +|404|Not found|||ItemType: Inventory, User, Seat

    Values: ProductId/SkuId, UserName, ProductId/SkuId/Username| |409|Conflict||Reason: Not online||   From c5bf48081958f54ab3095f810c9c1e3b54f0f1ae Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 13:36:21 -0500 Subject: [PATCH 40/79] Added
    tags to table --- .../client-management/mdm/get-seats-assigned-to-a-user.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md index 123c7969ce..099ad10917 100644 --- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md +++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md @@ -43,9 +43,8 @@ The response body contain [SeatDetailsResultSet](data-structures-windows-store-f |Error code|Description|Retry|Data field| |--- |--- |--- |--- | -|400|Invalid parameters|No|Parameter name
    Reason: Invalid parameter
    Details: String| -|404|Not found||Item type: User -Values: UserName| +|400|Invalid parameters|No|Parameter name

    Reason: Invalid parameter

    Details: String| +|404|Not found||Item type: User

    Values: UserName|   From 7e81b99142a8c7c3590e9878f0232b84069c7b19 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 13:42:40 -0500 Subject: [PATCH 41/79] Removed extra spacing to rebuild file --- windows/client-management/mdm/get-seat.md | 8 -------- 1 file changed, 8 deletions(-) diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md index 10a3f3ea3b..920c40c4e5 100644 --- a/windows/client-management/mdm/get-seat.md +++ b/windows/client-management/mdm/get-seat.md @@ -46,11 +46,3 @@ The response body contains [SeatDetails](data-structures-windows-store-for-busin |400|Invalid parameters|No|Parameter name

    Reason: Missing parameter or invalid parameter

    Details: String|Invalid can include productId, skuId or username| |404|Not found|||ItemType: Inventory, User, Seat

    Values: ProductId/SkuId, UserName, ProductId/SkuId/Username| |409|Conflict||Reason: Not online|| -  - -  - - - - - From b58f748fd8275563e6982d8c8b5febc9e23d0fe2 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 11 Nov 2021 00:33:24 +0530 Subject: [PATCH 42/79] removed sentences and added correct sentences as per user report #10054 , so i corrected the wrong sentences to correct sentences. i added after verifying with Windows 11 ADMX gpo. --- windows/client-management/mdm/policy-csp-userrights.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 65fb6facfd..dab6c7c86d 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -1080,9 +1080,10 @@ GP Info: -This security setting determines which service accounts are prevented from registering a process as a service. +This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. + > [!NOTE] -> This security setting does not apply to the System, Local Service, or Network Service accounts. +> If you apply this security policy to the Everyone group, no one will be able to log on locally. From 529eb251a4a2dc5cd455b756538716bf2ed7cff8 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 11 Nov 2021 00:40:00 +0530 Subject: [PATCH 43/79] corrected word as per user feedback #10038 --- .../tpm/trusted-platform-module-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index e401d19506..c5a7d50e68 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -32,7 +32,7 @@ This topic for the IT professional describes the Trusted Platform Module (TPM) a - Generate, store, and limit the use of cryptographic keys. -- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into itself. +- Use TPM technology for platform device authentication by using the TPM’s unique RSA key, which is burned into it. - Help ensure platform integrity by taking and storing security measurements. From 5e1c6b77383742f75ec0847a0a4da1461f4c4892 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 10 Nov 2021 12:15:33 -0800 Subject: [PATCH 44/79] Correct note styles --- .../mdm/enterpriseappmanagement-csp.md | 12 +++++++----- .../mdm/enterpriseassignedaccess-csp.md | 9 ++++++--- 2 files changed, 13 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index fd9d3891b3..9d5a10633f 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md 
@@ -17,7 +17,8 @@ ms.date: 06/26/2017 The EnterpriseAppManagement enterprise configuration service provider is used to handle enterprise application management tasks such as installing an enterprise application token, the first auto-downloadable app link, querying installed enterprise applications (name and version), auto updating already installed enterprise applications, and removing all installed enterprise apps (including the enterprise app token) during unenrollment. -> **Note**   The EnterpriseAppManagement CSP is only supported in Windows 10 Mobile. +> [!NOTE] +> The EnterpriseAppManagement CSP is only supported in Windows 10 Mobile. @@ -81,7 +82,8 @@ Optional. The character string that contains the search criteria to search for t Supported operations are Get and Add. -> **Note**   Do NOT use Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00. The server must replace this value in the supplied client certificate. If your server returns a client certificate containing the same Subject value, this can cause unexpected behavior. The server should always override the subject value and not use the default device-provided Device ID Subject= Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00 +> [!NOTE] +> Do NOT use Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00. The server must replace this value in the supplied client certificate. If your server returns a client certificate containing the same Subject value, this can cause unexpected behavior. The server should always override the subject value and not use the default device-provided Device ID Subject= Subject=CN%3DB1C43CD0-1624-5FBB-8E54-34CF17DFD3A1\\x00 
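Review bot: The converted note in the `@@ -81,7 +82,8 @@` hunk still ends with the doubled `Subject= Subject=` carried over from the removed line, and the final sentence has no closing period. This note tells the server which device-provided subject value it must override, so the value should appear exactly once and unambiguously; drop the duplicate `Subject=` and end the sentence.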
@@ -431,10 +433,10 @@ Install or update the installed app with the product ID “{B316008A-141D-4A79-8 To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application does not exist, the application will be silently installed without any user interaction. If the application cannot be installed, the user will be notified with an Alert dialog. -> **Note**   +> [!NOTE]   > 1. If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation). - -2. The application product ID curly braces need to be escaped where { is %7B and } is %7D. +> +> 2. The application product ID curly braces need to be escaped where { is %7B and } is %7D. diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index 19e286781b..8d9ab483ca 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md 
@@ -17,7 +17,8 @@ ms.date: 07/12/2017 The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings, such as language and themes, lock down a device, and configure custom layouts on a device. For example, the administrator can lock down a device so that only applications specified in an Allow list are available. Apps not on the Allow list remain installed on the device, but are hidden from view and blocked from launching. -> **Note**   The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile. +> [!NOTE] +> The EnterpriseAssignedAccess CSP is only supported in Windows 10 Mobile. For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](/uwp/api/Windows.Embedded.DeviceLockdown.DeviceLockdownProfile). @@ -789,7 +790,8 @@ The culture code that identifies the language to display on a device, and specif The language setting is configured in the Default User profile only. -> **Note**  Apply the Locale ID only after the corresponding language packs are built into and supported for the OS image running on the device. The specified language will be applied as the phone language and a restart may be required. +> [!NOTE] +> Apply the Locale ID only after the corresponding language packs are built into and supported for the OS image running on the device. The specified language will be applied as the phone language and a restart may be required. Supported operations are Get and Replace. @@ -798,7 +800,8 @@ Supported operations are Get and Replace. The XML examples in this section show how to perform various tasks by using OMA client provisioning. -> **Note**  These examples are XML snippets and do not include all sections that are required for a complete lockdown XML file. +> [!NOTE] +> These examples are XML snippets and do not include all sections that are required for a complete lockdown XML file. 
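Review bot: In the `@@ -431,10 +433,10 @@` hunk of enterpriseappmanagement-csp.md, the added `> [!NOTE]` line keeps the trailing whitespace that followed the old `> **Note**`, unlike the other notes converted in this patch, where the marker stands alone on its line. Strip the trailing characters so the alert marker is the only content on that line. The two items under it are independent caveats rather than sequential steps, so an unordered list would fit better than `1.` and `2.`.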
From d6a8f600c666be0de37613adc20a6da7fe31a98a Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 10 Nov 2021 12:16:57 -0800 Subject: [PATCH 45/79] Correct list, from ordered to unordered --- windows/client-management/mdm/enterpriseappmanagement-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index 9d5a10633f..edba999d96 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md 
@@ -434,9 +434,9 @@ Install or update the installed app with the product ID “{B316008A-141D-4A79-8 To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application does not exist, the application will be silently installed without any user interaction. If the application cannot be installed, the user will be notified with an Alert dialog. > [!NOTE]   -> 1. If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation). +> - If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation). > -> 2. The application product ID curly braces need to be escaped where { is %7B and } is %7D. +> -The application product ID curly braces need to be escaped where { is %7B and } is %7D. From f136bda35ce906b310cd0e89561199d149f652f6 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 10 Nov 2021 12:24:33 -0800 Subject: [PATCH 46/79] Corrected code block label to a valid type Valid types are listed here: https://review.docs.microsoft.com/en-us/help/contribute/metadata-taxonomies?branch=master#dev-lang --- .../mdm/enterprisedataprotection-csp.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) 
diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md index b999a6dbee..07388f0b79 100644 --- a/windows/client-management/mdm/enterprisedataprotection-csp.md +++ b/windows/client-management/mdm/enterprisedataprotection-csp.md @@ -30,7 +30,8 @@ To learn more about WIP, see the following articles: - [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip) The following shows the EnterpriseDataProtection CSP in tree format. -``` + +```console ./Device/Vendor/MSFT EnterpriseDataProtection ----Settings @@ -45,6 +46,7 @@ EnterpriseDataProtection --------EDPShowIcons ----Status ``` + **./Device/Vendor/MSFT/EnterpriseDataProtection** The root node for the CSP. @@ -71,7 +73,6 @@ Changing the primary enterprise ID is not supported and may cause unexpected beh > [!Note] > The client requires domain name to be canonical, otherwise the setting will be rejected by the client. - Here are the steps to create canonical domain names: @@ -111,7 +112,6 @@ The CSP checks the current edition and hardware support (TPM), and returns an er > [!Note] > This setting is only supported in Windows 10 Mobile. - Supported operations are Add, Get, Replace, and Delete. Value type is integer. @@ -124,7 +124,7 @@ Specifies a recovery certificate that can be used for data recovery of encrypted DRA information from MDM policy must be a serialized binary blob identical to what we expect from GP. The binary blob is the serialized version of following structure: -``` syntax +```cpp // //  Recovery Policy Data Structures // @@ -243,7 +243,6 @@ typedef enum _PUBLIC_KEY_SOURCE_TAG { EfsCertificate, EfsCertificateThumbprint } PUBLIC_KEY_SOURCE_TAG, *PPUBLIC_KEY_SOURCE_TAG; - ``` For EFSCertificate KeyTag, it is expected to be a DER ENCODED binary certificate. 
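Review bot: The last hunk (`@@ -243,7 +243,6 @@`) leaves the sentence after the block reading "For EFSCertificate KeyTag", while the enum inside the block spells the value `EfsCertificate`. Now that the block is labelled `cpp` and reads as real declarations, the prose should use the identifier as declared, and "DER ENCODED" should be "DER-encoded", so that someone serializing the recovery certificate blob matches on the right name.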
From 5365950ead00043ac91cfda01bf8e755bf464c0e Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 10 Nov 2021 12:29:34 -0800 Subject: [PATCH 47/79] Removed spaces after "> [!NOTE]" to fix [Warning: invalid-note-section] --- windows/client-management/mdm/enterpriseappmanagement-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index edba999d96..e175307cbd 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md @@ -433,7 +433,7 @@ Install or update the installed app with the product ID “{B316008A-141D-4A79-8 To perform an XAP update, create the Name, URL, Version, and DownloadInstall nodes first, then perform an “execute” on the “DownloadInstall” node (all within an “Atomic” operation). If the application does not exist, the application will be silently installed without any user interaction. If the application cannot be installed, the user will be notified with an Alert dialog. -> [!NOTE]   +> [!NOTE] > - If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation). > > -The application product ID curly braces need to be escaped where { is %7B and } is %7D. From c54fd2f39b848ce6e5dddb291d104fa22a1c1b6f Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 10 Nov 2021 12:37:14 -0800 Subject: [PATCH 48/79] Fix misformatted bullet --- windows/client-management/mdm/enterpriseappmanagement-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/client-management/mdm/enterpriseappmanagement-csp.md b/windows/client-management/mdm/enterpriseappmanagement-csp.md index e175307cbd..1910df9821 100644 --- a/windows/client-management/mdm/enterpriseappmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappmanagement-csp.md @@ -436,7 +436,7 @@ To perform an XAP update, create the Name, URL, Version, and DownloadInstall nod > [!NOTE] > - If a previous app-update node existed for this product ID (the node can persist for up to 1 week or 7 days after an installation has completed), then a 418 (already exist) error would be returned on the “Add”. To get around the 418 error, the server should issue a Replace command for the Name, URL, and Version nodes, and then execute on the “DownloadInstall” (within an “Atomic” operation). > -> -The application product ID curly braces need to be escaped where { is %7B and } is %7D. +> - The application product ID curly braces need to be escaped where { is %7B and } is %7D. From d638609390c896c0db3596f881cc8feadd234855 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Wed, 10 Nov 2021 12:39:45 -0800 Subject: [PATCH 49/79] Add valid label to code block --- windows/client-management/mdm/enterpriseassignedaccess-csp.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/enterpriseassignedaccess-csp.md b/windows/client-management/mdm/enterpriseassignedaccess-csp.md index 8d9ab483ca..db8f48e055 100644 --- a/windows/client-management/mdm/enterpriseassignedaccess-csp.md +++ b/windows/client-management/mdm/enterpriseassignedaccess-csp.md 
@@ -23,7 +23,8 @@ The EnterpriseAssignedAccess configuration service provider allows IT administra For more information about how to interact with the lockdown XML at runtime, see [**DeviceLockdownProfile class**](/uwp/api/Windows.Embedded.DeviceLockdown.DeviceLockdownProfile). The following shows the EnterpriseAssignedAccess configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. -``` + +```console ./Vendor/MSFT EnterpriseAssignedAccess ----AssignedAccess @@ -39,6 +40,7 @@ EnterpriseAssignedAccess ----Locale --------Language ``` + The following list shows the characteristics and parameters. **./Vendor/MSFT/EnterpriseAssignedAccess/** From faa9ed2d64a96aef022239e4bed51e81d326df89 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Wed, 10 Nov 2021 18:55:38 -0500 Subject: [PATCH 50/79] Fixed formatting issues --- .../app-v/appv-performance-guidance.md | 39 +++++++++++-------- 1 file changed, 22 insertions(+), 17 deletions(-) diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md index 9465ab32da..1c1e8d7d21 100644 --- a/windows/application-management/app-v/appv-performance-guidance.md +++ b/windows/application-management/app-v/appv-performance-guidance.md @@ -254,19 +254,21 @@ This following is a step-by-step walk-through of the App-V and UPM operations an - (Operation) A user-publishing/refresh is initiated. (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh. - (Operation) After the publishing/refresh, the UPM solution captures the user integrations.
  • (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state. - **On subsequent logins**: + **On subsequent logins**: - - (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh. + - (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh. - (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away. + (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away. - - (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements. + - (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements. - (Expectation) If there are no entitlement changes, publishing1 will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity* of virtual applications - - - (Operation) UPM solution will capture user integrations again at logoff. (Expectation) Same as previous. + (Expectation) If there are no entitlement changes, publishing will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity of virtual applications - ¹ The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. 
+ The publishing operation (**Publish-AppVClientPackage**) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. + + - (Operation) UPM solution will capture user integrations again at logoff. + + (Expectation) Same as previous. **Outcome**: @@ -275,9 +277,12 @@ This following is a step-by-step walk-through of the App-V and UPM operations an - **Storage**: After implementing this approach in the VDI/RDSH environment, on first login - - (Operation) A user-publishing/refresh is initiated. (Expectation) - - If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh. - - First and subsequent logins will be impacted by pre-configuring of packages (add/refresh). + - (Operation) A user-publishing/refresh is initiated. + + (Expectation): + + - If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh. + - First and subsequent logins will be impacted by pre-configuring of packages (add/refresh). - (Operation) After the publishing/refresh, the UPM solution captures the user integrations. @@ -388,8 +393,8 @@ Removing FB1 does not require the original application installer. After completi "C:\\UpgradedPackages" - **Note**   - This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. + > [!Note] + > This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. |Step|Considerations|Benefits|Tradeoffs| |--- |--- |--- |--- | 
@@ -438,15 +443,15 @@ For documentation on How to Apply a Dynamic Configuration, see: - Open AppxManifest.xml and locate the following: - ``` + ```xml ``` - **Note**  If there are fonts marked as **DelayLoad**, those will not impact first launch. - + > [!Note] + > If there are fonts marked as **DelayLoad**, those will not impact first launch. ### Excluding virtual fonts from the package @@ -456,7 +461,7 @@ Use the dynamic configuration file that best suits the user scope – deployment Fonts -``` +```xml --> From c1044532188ff3d396b9536493c726615218c5cc Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 11 Nov 2021 14:23:04 +0530 Subject: [PATCH 67/79] Update windows/client-management/mdm/policy-csp-userrights.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- windows/client-management/mdm/policy-csp-userrights.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 831904f3c7..8959c2173e 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -1080,7 +1080,7 @@ GP Info: -This security setting determines which users are prevented from logging on at the computer. This policy setting supersedes the Allow log on locally policy setting if an account is subject to both policies. +This security setting determines which users are prevented from logging on to the computer. This policy setting supersedes the **Allow log on locally** policy setting if an account is subject to both policies. > [!NOTE] > If you apply this security policy to the **Everyone** group, no one will be able to log on locally. From 4f9c427fe1879a16e1960551843da11a4bd7f25f Mon Sep 17 00:00:00 2001 
From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 11 Nov 2021 22:12:06 +0530 Subject: [PATCH 68/79] added windows 11 specification link after reading this article, i found the windows 11 specification link is missing because TPM 2.0 is required for windows 11. So i added Windows 11 link. --- .../information-protection/tpm/how-windows-uses-the-tpm.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index 038e7da093..02e4ee6bff 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md @@ -23,6 +23,7 @@ The Windows operating system improves most existing security features in the ope **See also:** +- [Windows 11 Specifications](https://www.microsoft.com/windows/windows-11-specifications) - [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) From 62186164766c1157e7fb0076b2f8fbf2a53d14c0 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Thu, 11 Nov 2021 09:42:54 -0700 Subject: [PATCH 69/79] Update wcd-policies.md Fix Acro spelling issues --- windows/configuration/wcd/wcd-policies.md | 24 +++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index 0e11b80de9..f7629487bb 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md 
@@ -168,7 +168,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star | [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✔️ | ✔️ | | ✔️ | | [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | | | ✔️ | | [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | | | ✔️ | -| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlyinng connections VPN is allowed to use. |✔️ | ✔️ | | ✔️ | +| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlying connections VPN is allowed to use. |✔️ | ✔️ | | ✔️ | | [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✔️ | ✔️ | | ✔️ | | HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✔️ | ✔️ | | ✔️ | | HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | ✔️ | ✔️ | | ✔️ | 
@@ -203,11 +203,11 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star | [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | ✔️ | | | | | [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✔️ | | | | | [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | ✔️ | | | | -| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defeder scan (in percent). | ✔️ | | | | +| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defender scan (in percent). | ✔️ | | | | | [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✔️ | | | | -| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore durinng a scan. Separate each file type in the list by using \|. | ✔️ | | | | +| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. 
| ✔️ | | | | | [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✔️ | | | | -| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore durinng a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | | +| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | | | [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✔️ | | | | | [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ | | | | | [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✔️ | | | | 
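Review bot: In the `@@ -203,11 +203,11 @@` hunk, the corrected ExcludedProcesses row still says "Separate each file type in the list by using |", which reads as carried over from the ExcludedExtensions row above it; this row is about files opened by processes, not file types. Since the line is being touched anyway, reword the separator sentence to name what the entries actually are, so an admin building a Defender exclusion list is not steered toward entering extensions here.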
@@ -231,12 +231,12 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star | [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✔️ | | | | | [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✔️ | | | | | [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✔️ | | | | -| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity usinng Delivery Optimization. | ✔️ | | | | +| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity using Delivery Optimization. | ✔️ | | | | | [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. 
| ✔️ | | | | | [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✔️ | | | | -| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capabity in GB) for the device to use Peer Caching. | ✔️ | | | | +| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capacity in GB) for the device to use Peer Caching. | ✔️ | | | | | [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✔️ | | | | -| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB requried to use Peer Caching. | ✔️ | | | | +| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB required to use Peer Caching. | ✔️ | | | | | [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. 
| ✔️ | | | | | [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✔️ | | | | | [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | | 
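Review bot: The DOMinBackgroundQos context row in this hunk still reads "speed) i kilobytes/second". Since the patch is a typo sweep over this table, change "i" to "in" here as well. In the last context row, the link text DOPercentageMaxBackDownloadBandwidth does not match its anchor #deliveryoptimization-dopercentagemaxbackgroundbandwidth, so one of the two spellings should be checked against the CSP reference and corrected.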
@@ -294,7 +294,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star | [AllowTaskSwitcher](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | | | | | [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✔️ | | | | | [AllowVoiceRecording](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. | | | | | -| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggetions, membership notifications, post-OOBE app install, and redirect tiles. | ✔️ | | | | +| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggestions, membership notifications, post-OOBE app install, and redirect tiles. | ✔️ | | | | | [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | ✔️ | | | | | [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. 
| ✔️ | | | | | [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✔️ | | | | @@ -396,7 +396,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in | [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | | | | | [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | | ✔️ | | | [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | | | | -| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.

    - **Off** setting disables Windows indexer
    - **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)
    - **Enterprise** setting reduces potential network loads for enterprises
    - **Standard** setting is appropriate for consuemrs | ✔️ | | | | +| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.

    - **Off** setting disables Windows indexer
    - **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)
    - **Enterprise** setting reduces potential network loads for enterprises
    - **Standard** setting is appropriate for consumers | ✔️ | | | | | [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | | | | | [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | | | | | [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | | | | 
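Review bot: The AllowIndexingEncryptedStoresOrItems context row at the top of this hunk is described only as "Allow or disallow the indexing of items", which omits the fact that the setting concerns encrypted stores or items. That omission matters next to the AllowWindowsIndexer row edited here, whose EnterpriseSecure option is about exactly that. Suggest "Allow or disallow the indexing of encrypted stores or items". In the changed row itself, "file explorer" should be capitalized as "File Explorer", matching the Start table later in the same file.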
@@ -434,7 +434,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | | [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✔️ | | | | -| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloadds shortcut on the Start menu. | ✔️ | | | | +| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloads shortcut on the Start menu. | ✔️ | | | | | [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✔️ | | | | | [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✔️ | | | | | [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✔️ | | | | 
@@ -513,7 +513,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | |---------|-------------|:--------------:|:-----------:|:--------:|:--------:| -| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update rboots are not scheduled. | ✔️ | ✔️ | | ✔️ | +| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ | | [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ | | [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ | | [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ | 
@@ -538,7 +538,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl | [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ | | [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ | | [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ | -| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windws Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ | +| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ | | [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | ✔️ | ✔️ | | ✔️ | | ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ | | PhoneUpdateRestrictions | Deprecated | | ✔️ | | | From b1ecb865569b6f1535c94b69bbaa180bd5c386e9 Mon Sep 17 00:00:00 2001 
From: Diana Hanson Date: Thu, 11 Nov 2021 10:53:14 -0700 Subject: [PATCH 70/79] Update windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml --- .../auditing/advanced-security-auditing-faq.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml index 8fc368965e..8cce54444d 100644 --- a/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml +++ b/windows/security/threat-protection/auditing/advanced-security-auditing-faq.yml @@ -25,7 +25,7 @@ summary: This topic for the IT professional lists questions and answers about un - [What is the difference between audit policies located in Local Policies\\Audit Policy and audit policies located in Advanced Audit Policy Configuration?](#what-is-the-difference-between-audit-policies-located-in-local-policies--audit-policy-and-audit-policies-located-in-advanced-audit-policy-configuration-) - - [What is the interasction between basic audit policy settings and advanced audit policy settings?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-) + - [What is the interaction between basic audit policy settings and advanced audit policy settings?](#what-is-the-interaction-between-basic-audit-policy-settings-and-advanced-audit-policy-settings-) - [How are audit settings merged by Group Policy?](#how-are-audit-settings-merged-by-group-policy-) From 29502634788456431a41f18530c0387e6a63be7d Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 11 Nov 2021 11:43:21 -0800 Subject: [PATCH 71/79] Update policy-csp-userrights.md --- windows/client-management/mdm/policy-csp-userrights.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md index 8959c2173e..be84a95bca 100644 --- a/windows/client-management/mdm/policy-csp-userrights.md +++ b/windows/client-management/mdm/policy-csp-userrights.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 09/27/2019 +ms.date: 11/11/2021 ms.reviewer: manager: dansimp --- From 7026162d2168316ed583262a75000729d702c3c6 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 11 Nov 2021 19:09:27 -0800 Subject: [PATCH 72/79] Fix formatting by replacing bullet characters with proper markup --- .../tpm/how-windows-uses-the-tpm.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index 038e7da093..2b05343896 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md 
@@ -80,12 +80,11 @@ The adoption of new authentication technology requires that identity providers a Identity providers have flexibility in how they provision credentials on client devices. For example, an organization might provision only those devices that have a TPM so that the organization knows that a TPM protects the credentials. The ability to distinguish a TPM from malware acting like a TPM requires the following TPM capabilities (see Figure 1): -• **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM. +- **Endorsement key**. The TPM manufacturer can create a special key in the TPM called an *endorsement key*. An endorsement key certificate, signed by the manufacturer, says that the endorsement key is present in a TPM that the manufacturer made. Solutions can use the certificate with the TPM containing the endorsement key to confirm a scenario really involves a TPM from a specific TPM manufacturer (instead of malware acting like a TPM. -• **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios. 
+- **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios. ![TPM Capabilities.](images/tpm-capabilities.png) - *Figure 1: TPM Cryptographic Key Management* For Windows Hello for Business, Microsoft can fill the role of the identity CA. Microsoft services can issue an attestation identity key certificate for each device, user, and identify provider to ensure that privacy is protected and to help identity providers ensure that device TPM requirements are met before Windows Hello for Business credentials are provisioned. 
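Review bot: The added Endorsement key bullet carries over an unclosed parenthesis: "(instead of malware acting like a TPM." should end with "TPM)." While this paragraph is being touched, the trailing context line says "each device, user, and identify provider", which should read "identity provider". The hunk also drops the blank line between the image and the "*Figure 1*" caption, so confirm the caption still renders as its own line.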
@@ -96,9 +95,9 @@ BitLocker provides full-volume encryption to protect data at rest. The most comm In the most common configuration, BitLocker encrypts the operating system volume so that if the computer or hard disk is lost or stolen when powered off, the data on the volume remains confidential. When the computer is turned on, starts normally, and proceeds to the Windows logon prompt, the only path forward is for the user to log on with his or her credentials, allowing the operating system to enforce its normal file permissions. If something about the boot process changes, however—for example, a different operating system is booted from a USB device—the operating system volume and user data cannot be read and are not accessible. The TPM and system firmware collaborate to record measurements of how the system started, including loaded software and configuration details such as whether boot occurred from the hard drive or a USB device. BitLocker relies on the TPM to allow the use of a key only when startup occurs in an expected way. The system firmware and TPM are carefully designed to work together to provide the following capabilities: -• **Hardware root of trust for measurement**. A TPM allows software to send it commands that record measurements of software or configuration information. This information can be calculated using a hash algorithm that essentially transforms a lot of data into a small, statistically unique hash value. The system firmware has a component called the Core Root of Trust for Measurement (CRTM) that is implicitly trusted. The CRTM unconditionally hashes the next software component and records the measurement value by sending a command to the TPM. Successive components, whether system firmware or operating system loaders, continue the process by measuring any software components they load before running them. Because each component’s measurement is sent to the TPM before it runs, a component cannot erase its measurement from the TPM. 
(However, measurements are erased when the system is restarted.) The result is that at each step of the system startup process, the TPM holds measurements of boot software and configuration information. Any changes in boot software or configuration yield different TPM measurements at that step and later steps. Because the system firmware unconditionally starts the measurement chain, it provides a hardware-based root of trust for the TPM measurements. At some point in the startup process, the value of recording all loaded software and configuration information diminishes and the chain of measurements stops. The TPM allows for the creation of keys that can be used only when the platform configuration registers that hold the measurements have specific values. +- **Hardware root of trust for measurement**. A TPM allows software to send it commands that record measurements of software or configuration information. This information can be calculated using a hash algorithm that essentially transforms a lot of data into a small, statistically unique hash value. The system firmware has a component called the Core Root of Trust for Measurement (CRTM) that is implicitly trusted. The CRTM unconditionally hashes the next software component and records the measurement value by sending a command to the TPM. Successive components, whether system firmware or operating system loaders, continue the process by measuring any software components they load before running them. Because each component’s measurement is sent to the TPM before it runs, a component cannot erase its measurement from the TPM. (However, measurements are erased when the system is restarted.) The result is that at each step of the system startup process, the TPM holds measurements of boot software and configuration information. Any changes in boot software or configuration yield different TPM measurements at that step and later steps. 
Because the system firmware unconditionally starts the measurement chain, it provides a hardware-based root of trust for the TPM measurements. At some point in the startup process, the value of recording all loaded software and configuration information diminishes and the chain of measurements stops. The TPM allows for the creation of keys that can be used only when the platform configuration registers that hold the measurements have specific values. -• **Key used only when boot measurements are accurate**. BitLocker creates a key in the TPM that can be used only when the boot measurements match an expected value. The expected value is calculated for the step in the startup process when Windows Boot Manager runs from the operating system volume on the system hard drive. Windows Boot Manager, which is stored unencrypted on the boot volume, needs to use the TPM key so that it can decrypt data read into memory from the operating system volume and startup can proceed using the encrypted operating system volume. If a different operating system is booted or the configuration is changed, the measurement values in the TPM will be different, the TPM will not let Windows Boot Manager use the key, and the startup process cannot proceed normally because the data on the operating system cannot be decrypted. If someone tries to boot the system with a different operating system or a different device, the software or configuration measurements in the TPM will be wrong and the TPM will not allow use of the key needed to decrypt the operating system volume. As a failsafe, if measurement values change unexpectedly, the user can always use the BitLocker recovery key to access volume data. Organizations can configure BitLocker to store the recovery key-in Active Directory Domain Services (AD DS). +- **Key used only when boot measurements are accurate**. BitLocker creates a key in the TPM that can be used only when the boot measurements match an expected value. 
The expected value is calculated for the step in the startup process when Windows Boot Manager runs from the operating system volume on the system hard drive. Windows Boot Manager, which is stored unencrypted on the boot volume, needs to use the TPM key so that it can decrypt data read into memory from the operating system volume and startup can proceed using the encrypted operating system volume. If a different operating system is booted or the configuration is changed, the measurement values in the TPM will be different, the TPM will not let Windows Boot Manager use the key, and the startup process cannot proceed normally because the data on the operating system cannot be decrypted. If someone tries to boot the system with a different operating system or a different device, the software or configuration measurements in the TPM will be wrong and the TPM will not allow use of the key needed to decrypt the operating system volume. As a failsafe, if measurement values change unexpectedly, the user can always use the BitLocker recovery key to access volume data. Organizations can configure BitLocker to store the recovery key-in Active Directory Domain Services (AD DS). Device hardware characteristics are important to BitLocker and its ability to protect data. One consideration is whether the device provides attack vectors when the system is at the logon screen. For example, if the Windows device has a port that allows direct memory access so that someone can plug in hardware and read memory, an attacker can read the operating system volume’s decryption key from memory while at the Windows logon screen. To mitigate this risk, organizations can configure BitLocker so that the TPM key requires both the correct software measurements and an authorization value. The system startup process stops at Windows Boot Manager, and the user is prompted to enter the authorization value for the TPM key or insert a USB device with the value. 
This process stops BitLocker from automatically loading the key into memory where it might be vulnerable, but has a less desirable user experience. 
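Review bot: The added "Key used only when boot measurements are accurate" bullet still ends with "store the recovery key-in Active Directory Domain Services (AD DS)". The stray hyphen should go: "store the recovery key in Active Directory Domain Services (AD DS)". This is the sentence that tells administrators where the recovery key is escrowed, so it is worth getting right in the same formatting pass.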
@@ -122,7 +121,7 @@ TPM measurements are designed to avoid recording any privacy-sensitive informati The TPM provides the following way for scenarios to use the measurements recorded in the TPM during boot: -• **Remote Attestation**. Using an attestation identity key, the TPM can generate and cryptographically sign a statement (or*quote*) of the current measurements in the TPM. Windows can create unique attestation identity keys for various scenarios to prevent separate evaluators from collaborating to track the same device. Additional information in the quote is cryptographically scrambled to limit information sharing and better protect privacy. By sending the quote to a remote entity, a device can attest which software and configuration settings were used to boot the device and initialize the operating system. An attestation identity key certificate can provide further assurance that the quote is coming from a real TPM. Remote attestation is the process of recording measurements in the TPM, generating a quote, and sending the quote information to another system that evaluates the measurements to establish trust in a device. Figure 2 illustrates this process. +- **Remote Attestation**. Using an attestation identity key, the TPM can generate and cryptographically sign a statement (or*quote*) of the current measurements in the TPM. Windows can create unique attestation identity keys for various scenarios to prevent separate evaluators from collaborating to track the same device. Additional information in the quote is cryptographically scrambled to limit information sharing and better protect privacy. By sending the quote to a remote entity, a device can attest which software and configuration settings were used to boot the device and initialize the operating system. An attestation identity key certificate can provide further assurance that the quote is coming from a real TPM. 
Remote attestation is the process of recording measurements in the TPM, generating a quote, and sending the quote information to another system that evaluates the measurements to establish trust in a device. Figure 2 illustrates this process. When new security features are added to Windows, Measured Boot adds security-relevant configuration information to the measurements recorded in the TPM. Measured Boot enables remote attestation scenarios that reflect the system firmware and the Windows initialization state. @@ -149,17 +148,18 @@ The resulting solution provides defense in depth, because even if malware runs i The TPM adds hardware-based security benefits to Windows. When installed on hardware that includes a TPM, Window delivers remarkably improved security benefits. The following table summarizes the key benefits of the TPM’s major features. +
    |Feature | Benefits when used on a system with a TPM| |---|---| -| Platform Crypto Provider | •     If the machine is compromised, the private key associated with the certificate cannot be copied off the device.
    •     The TPM’s dictionary attack mechanism protects PIN values to use a certificate. -| Virtual Smart Card | •     Achieve security similar to that of physical smart cards without deploying physical smart cards or card readers.| -| Windows Hello for Business | •     Credentials provisioned on a device cannot be copied elsewhere.
    •     Confirm a device’s TPM before credentials are provisioned. | -| BitLocker Drive Encryption | •     Multiple options are available for enterprises to protect data at rest while balancing security requirements with different device hardware. -|Device Encryption | •     With a Microsoft account and the right hardware, consumers’ devices seamlessly benefit from data-at-rest protection. -| Measured Boot | •     A hardware root of trust contains boot measurements that help detect malware during remote attestation. -| Health Attestation | •     MDM solutions can easily perform remote attestation and evaluate client health before granting access to resources or cloud services such as Office 365. -| Credential Guard | •     Defense in depth increases so that even if malware has administrative rights on one machine, it is significantly more difficult to compromise additional machines in an organization. +| Platform Crypto Provider |
    • If the machine is compromised, the private key associated with the certificate cannot be copied off the device.
    • The TPM’s dictionary attack mechanism protects PIN values to use a certificate.
    | +| Virtual Smart Card |
    • Achieve security similar to that of physical smart cards without deploying physical smart cards or card readers.
    | +| Windows Hello for Business |
    • Credentials provisioned on a device cannot be copied elsewhere.
    • Confirm a device’s TPM before credentials are provisioned.
    | +| BitLocker Drive Encryption |
    • Multiple options are available for enterprises to protect data at rest while balancing security requirements with different device hardware.
    | +|Device Encryption |
    • With a Microsoft account and the right hardware, consumers’ devices seamlessly benefit from data-at-rest protection.
    | +| Measured Boot |
    • A hardware root of trust contains boot measurements that help detect malware during remote attestation.
    | +| Health Attestation |
    • MDM solutions can easily perform remote attestation and evaluate client health before granting access to resources or cloud services such as Office 365.
    | +| Credential Guard |
    • Defense in depth increases so that even if malware has administrative rights on one machine, it is significantly more difficult to compromise additional machines in an organization.
    |
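Review bot: In the @@ -122,7 +121,7 @@ hunk of this patch, the added Remote Attestation bullet keeps "(or*quote*)" with no space before the emphasis. Without the space the term runs into "or" when rendered. Suggest "(or *quote*)".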
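Review bot: In the Platform Crypto Provider row of the table hunk, "The TPM's dictionary attack mechanism protects PIN values to use a certificate" reads as if the TPM performs the attack. Suggest "The TPM's dictionary attack protection guards the PIN values used to access a certificate". Two smaller items in the same hunk: the context paragraph above the table says "Window delivers remarkably improved security benefits" (should be "Windows"), and the "|Device Encryption |" row lacks the leading space the other rows use.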
    From e0ab8e7007f0cb6086d73c07f6dada177ab189dd Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 11 Nov 2021 20:05:22 -0800 Subject: [PATCH 73/79] Added lightbox to help with readability --- .../information-protection/tpm/how-windows-uses-the-tpm.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index 2b05343896..b1380dfb2e 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md @@ -84,7 +84,7 @@ Identity providers have flexibility in how they provision credentials on client - **Attestation identity key**. To protect privacy, most TPM scenarios do not directly use an actual endorsement key. Instead, they use attestation identity keys, and an identity certificate authority (CA) uses the endorsement key and its certificate to prove that one or more attestation identity keys actually exist in a real TPM. The identity CA issues attestation identity key certificates. More than one identity CA will generally see the same endorsement key certificate that can uniquely identify the TPM, but any number of attestation identity key certificates can be created to limit the information shared in other scenarios. -![TPM Capabilities.](images/tpm-capabilities.png) +:::image type="content" alt-text="TPM Capabilities." source="images/tpm-capabilities.png" lightbox="images/tpm-capabilities.png"::: *Figure 1: TPM Cryptographic Key Management* For Windows Hello for Business, Microsoft can fill the role of the identity CA. Microsoft services can issue an attestation identity key certificate for each device, user, and identify provider to ensure that privacy is protected and to help identity providers ensure that device TPM requirements are met before Windows Hello for Business credentials are provisioned. 
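Review bot: The new :::image line keeps alt-text="TPM Capabilities.", which names the file rather than describing the diagram, and it does not agree with the caption "Figure 1: TPM Cryptographic Key Management". With type="content" the alt text is what a screen reader user gets in place of the figure, so suggest a short description of what the diagram shows (the endorsement key, attestation identity keys and the identity CA), without the trailing period used as a title.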
@@ -125,8 +125,7 @@ The TPM provides the following way for scenarios to use the measurements recorde When new security features are added to Windows, Measured Boot adds security-relevant configuration information to the measurements recorded in the TPM. Measured Boot enables remote attestation scenarios that reflect the system firmware and the Windows initialization state. -![Process to Create Evidence of Boot Software and Configuration Using TPM.](images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png) - +:::image type="content" alt-text="Process to Create Evidence of Boot Software and Configuration Using TPM." source="images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png" lightbox="images/process-to-create-evidence-of-boot-software-and-configuration-using-tpm.png"::: *Figure 2: Process used to create evidence of boot software and configuration using a TPM* From 1661c8f2c8fb2179a5875f9d468e3442cb57bf28 Mon Sep 17 00:00:00 2001 From: Gary Moore Date: Thu, 11 Nov 2021 20:13:57 -0800 Subject: [PATCH 74/79] Corrected two more bullets --- .../information-protection/tpm/how-windows-uses-the-tpm.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index b1380dfb2e..01438ca9f3 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md 
@@ -58,9 +58,9 @@ Although CNG sounds like a mundane starting point, it illustrates some of the ad The Platform Crypto Provider, introduced in the Windows 8 operating system, exposes the following special TPM properties, which software-only CNG providers cannot offer or cannot offer as effectively: -• **Key protection**. The Platform Crypto Provider can create keys in the TPM with restrictions on their use. The operating system can load and use the keys in the TPM without copying the keys to system memory, where they are vulnerable to malware. The Platform Crypto Provider can also configure keys that a TPM protects so that they are not removable. If a TPM creates a key, the key is unique and resides only in that TPM. If the TPM imports a key, the Platform Crypto Provider can use the key in that TPM, but that TPM is not a source for making more copies of the key or enabling the use of copies elsewhere. In sharp contrast, software solutions that protect keys from copying are subject to reverse-engineering attacks, in which someone figures out how the solution stores keys or makes copies of keys while they are in memory during use. +- **Key protection**. The Platform Crypto Provider can create keys in the TPM with restrictions on their use. The operating system can load and use the keys in the TPM without copying the keys to system memory, where they are vulnerable to malware. The Platform Crypto Provider can also configure keys that a TPM protects so that they are not removable. If a TPM creates a key, the key is unique and resides only in that TPM. If the TPM imports a key, the Platform Crypto Provider can use the key in that TPM, but that TPM is not a source for making more copies of the key or enabling the use of copies elsewhere. In sharp contrast, software solutions that protect keys from copying are subject to reverse-engineering attacks, in which someone figures out how the solution stores keys or makes copies of keys while they are in memory during use. 
-• **Dictionary attack protection**. Keys that a TPM protects can require an authorization value such as a PIN. With dictionary attack protection, the TPM can prevent attacks that attempt a large number of guesses to determine the PIN. After too many guesses, the TPM simply returns an error saying no more guesses are allowed for a period of time. Software solutions might provide similar features, but they cannot provide the same level of protection, especially if the system restarts, the system clock changes, or files on the hard disk that count failed guesses are rolled back. In addition, with dictionary attack protection, authorization values such as PINs can be shorter and easier to remember while still providing the same level of protection as more complex values when using software solutions. +- **Dictionary attack protection**. Keys that a TPM protects can require an authorization value such as a PIN. With dictionary attack protection, the TPM can prevent attacks that attempt a large number of guesses to determine the PIN. After too many guesses, the TPM simply returns an error saying no more guesses are allowed for a period of time. Software solutions might provide similar features, but they cannot provide the same level of protection, especially if the system restarts, the system clock changes, or files on the hard disk that count failed guesses are rolled back. In addition, with dictionary attack protection, authorization values such as PINs can be shorter and easier to remember while still providing the same level of protection as more complex values when using software solutions. These TPM features give Platform Crypto Provider distinct advantages over software-based solutions. A practical way to see these benefits in action is when using certificates on a Windows device. On platforms that include a TPM, Windows can use the Platform Crypto Provider to provide certificate storage. 
Certificate templates can specify that a TPM use the Platform Crypto Provider to protect the key associated with a certificate. In mixed environments, where some computers might not have a TPM, the certificate template could prefer the Platform Crypto Provider over the standard Windows software provider. If a certificate is configured as not able to be exported, the private key for the certificate is restricted and cannot be exported from the TPM. If the certificate requires a PIN, the PIN gains the TPM’s dictionary attack protection automatically. From be6ac5a4be4e73b8fd6adf4a81e40fe6caeaadb6 Mon Sep 17 00:00:00 2001 From: Andrei-George Stoica Date: Mon, 15 Nov 2021 13:07:39 +0200 Subject: [PATCH 75/79] Adding PowerShell alternative since WMIC is not supported on Win11 --- windows/deployment/windows-10-subscription-activation.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 4d6d62258a..77ecc22723 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -249,6 +249,11 @@ changepk.exe /ProductKey %ProductKey% ) ``` +Since [WMIC was deprecated](https://docs.microsoft.com/windows/win32/wmisdk/wmic) in Windows 10, version 21H1, run this PowerShell alternative: +```console +$(Get-WmiObject SoftwareLicensingService).OA3xOriginalProductKey | foreach{ if ( $null -ne $_ ) { Write-Host "Installing"$_;.\changepk.exe /Productkey $_ } else { Write-Host "No key present" } } +``` + ### Obtaining an Azure AD license Enterprise Agreement/Software Assurance (EA/SA): From cc8f21a8efd04b898ec124ae6fe8c7d84fffa76e Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Mon, 15 Nov 2021 09:48:26 -0500 Subject: [PATCH 76/79] Fixed link --- windows/deployment/windows-10-subscription-activation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 77ecc22723..82a034b94b 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -249,7 +249,7 @@ changepk.exe /ProductKey %ProductKey% ) ``` -Since [WMIC was deprecated](https://docs.microsoft.com/windows/win32/wmisdk/wmic) in Windows 10, version 21H1, run this PowerShell alternative: +Since [WMIC was deprecated](/windows/win32/wmisdk/wmic) in Windows 10, version 21H1, run this PowerShell alternative: ```console $(Get-WmiObject SoftwareLicensingService).OA3xOriginalProductKey | foreach{ if ( $null -ne $_ ) { Write-Host "Installing"$_;.\changepk.exe /Productkey $_ } else { Write-Host "No key present" } } ``` From eef2624f5ab1ccf0f9b4137b067314e0d528b609 Mon Sep 17 00:00:00 2001 From: Mandi Ohlinger Date: Mon, 15 Nov 2021 09:51:15 -0500 Subject: [PATCH 77/79] Updated wording --- windows/deployment/windows-10-subscription-activation.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 82a034b94b..b1ac84715b 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md 
@@ -231,7 +231,7 @@ If you are running Windows 10, version 1803 or later, Subscription Activation wi If you are using Windows 10, version 1607, 1703, or 1709 and have already deployed Windows 10 Enterprise, but you want to move away from depending on KMS servers and MAK keys for Windows client machines, you can seamlessly transition as long as the computer has been activated with a firmware-embedded Windows 10 Pro product key. -If the computer has never been activated with a Pro key, run the following script. Copy the text below into a .cmd file and run the file from an elevated command prompt: +If the computer has never been activated with a Pro key, run the following script. Copy the text below into a `.cmd` file, and run the file from an elevated command prompt: ```console @echo off @@ -249,8 +249,9 @@ changepk.exe /ProductKey %ProductKey% ) ``` -Since [WMIC was deprecated](/windows/win32/wmisdk/wmic) in Windows 10, version 21H1, run this PowerShell alternative: -```console +Since [WMIC was deprecated](/windows/win32/wmisdk/wmic) in Windows 10, version 21H1, you can use the following Windows PowerShell script instead: + +```powershell $(Get-WmiObject SoftwareLicensingService).OA3xOriginalProductKey | foreach{ if ( $null -ne $_ ) { Write-Host "Installing"$_;.\changepk.exe /Productkey $_ } else { Write-Host "No key present" } } ``` From 0aa7b1210dac25d3bf66e5cb352034f13b28fe2e Mon Sep 17 00:00:00 2001 From: Dan Pandre <54847950+DanPandre@users.noreply.github.com> Date: Mon, 15 Nov 2021 17:40:12 -0500 Subject: [PATCH 78/79] Document 32-bit png limitation --- windows/client-management/mdm/surfacehub-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index ad67b668bb..147c460f3b 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -295,7 +295,7 @@ SurfaceHub

    The data type is boolean. Supported operation is Get and Replace. **InBoxApps/Welcome/CurrentBackgroundPath** -

    Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image. +

    Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.

    The data type is string. Supported operation is Get and Replace. From 9a2c4eb57b19baf5e5660d6f36349e388b90f2af Mon Sep 17 00:00:00 2001 From: David Strome Date: Mon, 15 Nov 2021 15:13:49 -0800 Subject: [PATCH 79/79] archive test --- windows/manage/TOC.yml | 2 ++ windows/manage/test.md | 19 +++++++++++++++++++ 2 files changed, 21 insertions(+) create mode 100644 windows/manage/TOC.yml create mode 100644 windows/manage/test.md diff --git a/windows/manage/TOC.yml b/windows/manage/TOC.yml new file mode 100644 index 0000000000..892ce64421 --- /dev/null +++ b/windows/manage/TOC.yml @@ -0,0 +1,2 @@ +- name: Test + href: test.md diff --git a/windows/manage/test.md b/windows/manage/test.md new file mode 100644 index 0000000000..36d16a3f6b --- /dev/null +++ b/windows/manage/test.md @@ -0,0 +1,19 @@ +--- +title: Test +description: Test +ms.prod: w11 +ms.mktglfcycl: deploy +ms.sitesec: library +author: dstrome +ms.author: dstrome +ms.reviewer: +manager: dstrome +ms.topic: article +--- + +# Test + +## Deployment planning + +This article provides guidance to help you plan for Windows 11 in your organization. +
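Review bot: in PATCH 73/79, first hunk of how-windows-uses-the-tpm.md (@@ -84,7 +84,7 @@), the alt text is carried over unchanged as "TPM Capabilities." while the caption on the next line reads "Figure 1: TPM Cryptographic Key Management". Since the line is being rewritten anyway, make the `alt-text` describe what the figure shows so that screen-reader users get the same information as the caption. The trailing context line of the same hunk also says "identify provider" where "identity provider" is meant; that is worth fixing in this pass.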
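Review bot: in PATCH 75/79 (windows-10-subscription-activation.md, @@ -249,6 +249,11 @@), the added one-liner calls `.\changepk.exe`, which PowerShell resolves against the current directory, whereas the batch script above it calls plain `changepk.exe`. Run from any other directory it fails, or runs whatever file of that name happens to be there. Suggest calling `changepk.exe` without the `.\` prefix, or giving a full path under `$env:SystemRoot\System32`. Also, `Write-Host "Installing"$_` prints the firmware product key to the console, so it ends up in transcripts and deployment logs; the message can drop the key.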
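Review bot: in PATCH 77/79 (windows-10-subscription-activation.md, @@ -249,8 +249,9 @@), the new lead-in sentence for the PowerShell script does not carry over the elevation requirement that the `.cmd` instructions state in the first hunk ("run the file from an elevated command prompt"). If `changepk.exe` needs the same rights here, say "from an elevated Windows PowerShell prompt". It would also help to state that the script is for Windows PowerShell 5.1, because `Get-WmiObject` is not available in PowerShell 7; `Get-CimInstance` is the equivalent that works in both.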
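Review bot: in PATCH 78/79 (surfacehub-csp.md, @@ -295,7 +295,7 @@), "32-bit PNG" is ambiguous as written: it does not say whether 32 bits refers to colour depth per pixel, and it gives no indication of what the device does with a PNG at another depth. Suggest spelling out the format that is accepted and stating the failure behaviour, in the same way the sentence already does for untrusted certificate authorities ("it may not be able to load the image").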
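Review bot: PATCH 79/79 adds windows/manage/test.md with `title: Test`, `description: Test`, an empty `ms.reviewer:` and a single placeholder sentence, and the new TOC.yml entry (`name: Test`, `href: test.md`) links it into navigation. With the subject "archive test" this looks like a pipeline experiment rather than content. Suggest keeping it on a private branch, or giving the page a real title, description and reviewer before it merges. As it stands, the heading `# Test` does not match the body text about planning for Windows 11.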