diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index 3049402086..ff7f8c546f 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: nickbrower
-ms.date: 08/23/2017
+ms.date: 10/23/2017
---
# Policy DDF file
@@ -50,7 +50,7 @@ The XML below is the DDF for Windows 10, version 1709.
- com.microsoft/5.0/MDM/Policy
+ com.microsoft/6.0/MDM/Policy
@@ -2548,30 +2548,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
- DisableBlockingOfOutdatedActiveXControls
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
DisableBypassOfSmartScreenWarnings
@@ -3868,30 +3844,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
- InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
@@ -3964,30 +3916,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
- InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
IntranetZoneAllowAccessToDataSources
@@ -4252,30 +4180,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
- IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
IntranetZoneJavaPermissions
@@ -7060,30 +6964,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
- RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
RestrictedSitesZoneRunActiveXControlsAndPlugins
@@ -7204,30 +7084,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
- RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
RestrictedSitesZoneTurnOnProtectedMode
@@ -7612,30 +7468,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
- TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
TrustedSitesZoneInitializeAndScriptActiveXControls
@@ -7660,54 +7492,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
- TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
TrustedSitesZoneJavaPermissions
@@ -7916,6 +7700,30 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ HidePeopleBar
+
+
+
+
+
+
+
+ Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
StartLayout
@@ -8190,6 +7998,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -8334,6 +8143,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LowestValueMostSecure
@@ -8358,6 +8168,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -8381,6 +8192,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
desktop
LowestValueMostSecure
@@ -8428,6 +8240,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LowestValueMostSecure
@@ -8452,6 +8265,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -8475,6 +8289,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LowestValueMostSecure
@@ -8499,6 +8314,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
HighestValueMostSecure
@@ -8523,6 +8339,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
HighestValueMostSecure
@@ -8547,6 +8364,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -8574,6 +8392,7 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
text/plain
+
LowestValueMostSecure
@@ -8597,6 +8416,7 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
text/plain
+
LowestValueMostSecure
@@ -8620,6 +8440,7 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
text/plain
+
phone
LowestValueMostSecure
@@ -8649,6 +8470,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+
LowestValueMostSecure
@@ -8672,6 +8494,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+
LowestValueMostSecure
@@ -8695,6 +8518,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+
LowestValueMostSecure
@@ -8718,6 +8542,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+
LowestValueMostSecure
@@ -8741,6 +8566,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+
phone
LowestValueMostSecure
@@ -8799,6 +8625,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
text/plain
+
phone
LowestValueMostSecure
@@ -8931,6 +8758,7 @@ If you disable or don't configure this setting (default), employees can add, imp
text/plain
+
LowestValueMostSecure
@@ -8954,6 +8782,7 @@ If you disable or don't configure this setting (default), employees can add, imp
text/plain
+
HighestValueMostSecure
@@ -8979,6 +8808,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
HighestValueMostSecure
@@ -9005,6 +8835,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
HighestValueMostSecure
@@ -9028,6 +8859,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
HighestValueMostSecure
@@ -9051,6 +8883,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
HighestValueMostSecure
@@ -9074,6 +8907,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
HighestValueMostSecure
@@ -9127,6 +8961,7 @@ If you disable or don't configure this setting, employees will see the favorites
text/plain
+
phone
HighestValueMostSecure
@@ -9180,6 +9015,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
HighestValueMostSecure
@@ -9204,6 +9040,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LowestValueMostSecure
@@ -9365,6 +9202,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
HighestValueMostSecure
@@ -9589,6 +9427,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -9612,6 +9451,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LowestValueMostSecure
@@ -9636,6 +9476,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LowestValueMostSecure
@@ -9660,6 +9501,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LowestValueMostSecure
@@ -9684,6 +9526,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -9707,6 +9550,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -10537,33 +10381,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
LastWrite
-
- DisableBlockingOfOutdatedActiveXControls
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
- VerMgmtDisable
- LastWrite
-
-
DisableBypassOfSmartScreenWarnings
@@ -12022,33 +11839,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
LastWrite
-
- InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyUnsignedFrameworkComponentsURLaction_1
- LastWrite
-
-
InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
@@ -12130,33 +11920,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
LastWrite
-
- InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyZoneElevationURLaction_1
- LastWrite
-
-
IntranetZoneAllowAccessToDataSources
@@ -12454,33 +12217,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
LastWrite
-
- IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
- IZ_PolicyScriptActiveXNotMarkedSafe_3
- LastWrite
-
-
IntranetZoneJavaPermissions
@@ -15613,33 +15349,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
LastWrite
-
- RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
- IZ_PolicyNavigateSubframesAcrossDomains_7
- LastWrite
-
-
RestrictedSitesZoneRunActiveXControlsAndPlugins
@@ -15775,33 +15484,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
LastWrite
-
- RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
- IZ_PolicyTurnOnXSSFilter_Both_Restricted
- LastWrite
-
-
RestrictedSitesZoneTurnOnProtectedMode
@@ -16234,33 +15916,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
LastWrite
-
- TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
- IZ_PolicyAntiMalwareCheckingOfActiveXControls_5
- LastWrite
-
-
TrustedSitesZoneInitializeAndScriptActiveXControls
@@ -16288,60 +15943,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
LastWrite
-
- TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
- IZ_PolicyScriptActiveXNotMarkedSafe_5
- LastWrite
-
-
-
- TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
- IZ_PolicyScriptActiveXNotMarkedSafe_5
- LastWrite
-
-
TrustedSitesZoneJavaPermissions
@@ -16436,6 +16037,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -16549,6 +16151,31 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ HidePeopleBar
+
+
+
+
+ Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ phone
+ LowestValueMostSecure
+
+
StartLayout
@@ -16636,7 +16263,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- com.microsoft/5.0/MDM/Policy
+ com.microsoft/6.0/MDM/Policy
@@ -19470,7 +19097,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
@@ -19494,7 +19121,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
@@ -19518,7 +19145,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
@@ -19986,7 +19613,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- EnableWindowsAutoPilotResetCredentials
+ DisableAutomaticReDeploymentCredentials
@@ -20743,6 +20370,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
+
+ ControlledFolderAccessAllowedApplications
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
+
+ ControlledFolderAccessProtectedFolders
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DaysToRetainCleanedMalware
@@ -20768,7 +20443,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- EnableGuardMyFolders
+ EnableControlledFolderAccess
@@ -20887,54 +20562,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
-
- GuardedFoldersAllowedApplications
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- GuardedFoldersList
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
PUAProtection
@@ -23723,30 +23350,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
-
- DisableBlockingOfOutdatedActiveXControls
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
DisableBypassOfSmartScreenWarnings
@@ -25091,30 +24694,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
-
- InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
@@ -25187,30 +24766,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
-
- InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
IntranetZoneAllowAccessToDataSources
@@ -25475,30 +25030,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
-
- IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
IntranetZoneJavaPermissions
@@ -28283,30 +27814,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
-
- RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
RestrictedSitesZoneRunActiveXControlsAndPlugins
@@ -28427,30 +27934,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
-
- RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
RestrictedSitesZoneTurnOnProtectedMode
@@ -28859,30 +28342,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
-
- TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
TrustedSitesZoneInitializeAndScriptActiveXControls
@@ -28907,54 +28366,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
-
- TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
TrustedSitesZoneJavaPermissions
@@ -29753,66 +29164,6 @@ Default: No message.
-
- NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares
-
-
-
-
-
-
-
- Network access: Do not allow anonymous enumeration of SAM accounts and shares
-
-This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed.
-
-Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
-
-Default: Disabled.
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
-
- NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
-
-
-
-
-
-
-
- Network access: Restrict anonymous access to Named Pipes and Shares
-
-When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
-
-Network access: Named pipes that can be accessed anonymously
-Network access: Shares that can be accessed anonymously
-Default: Enabled.
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
@@ -29869,34 +29220,6 @@ This policy will be turned off by default on domain joined machines. This would
-
- RecoveryConsole_AllowAutomaticAdministrativeLogon
-
-
-
-
-
-
-
- Recovery console: Allow automatic administrative logon
-
-This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system.
-
-Default: This policy is not defined and automatic administrative logon is not allowed.
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
@@ -30488,7 +29811,7 @@ The options are:
-
+ This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services.
@@ -30512,7 +29835,7 @@ The options are:
-
+ This policy setting allows you to enable or disable the sending and receiving cellular MMS messages.
@@ -30536,7 +29859,7 @@ The options are:
-
+ This policy setting allows you to enable or disable the sending and receiving of cellular RCS (Rich Communication Services) messages.
@@ -31512,7 +30835,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -31536,7 +30859,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -31560,7 +30883,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -31608,7 +30931,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -31632,7 +30955,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -31656,7 +30979,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -31704,7 +31027,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -31728,7 +31051,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -31752,7 +31075,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -31800,7 +31123,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -31824,7 +31147,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -31848,7 +31171,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -31896,7 +31219,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -31920,7 +31243,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -31944,7 +31267,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -31992,7 +31315,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -32016,7 +31339,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -32040,7 +31363,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -32088,7 +31411,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -32112,7 +31435,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -32136,7 +31459,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -32184,7 +31507,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -32208,7 +31531,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -32232,7 +31555,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -32280,7 +31603,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -32304,7 +31627,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -32328,7 +31651,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -32376,7 +31699,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -32400,7 +31723,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -32424,7 +31747,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -32472,7 +31795,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -32496,7 +31819,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -32520,7 +31843,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -32568,7 +31891,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -32592,7 +31915,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -32616,7 +31939,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -32856,7 +32179,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -32880,7 +32203,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -32904,7 +32227,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -34559,6 +33882,30 @@ The options are:
+
+ AllowOnlineTips
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
AllowPowerSleep
@@ -35273,30 +34620,6 @@ The options are:
-
- HidePeopleBar
-
-
-
-
-
-
-
- Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
-
-
-
-
-
-
-
-
-
-
- text/plain
-
-
-
HidePowerButton
@@ -35893,6 +35216,30 @@ The options are:
+
+ DisableEnterpriseAuthProxy
+
+
+
+
+
+
+
+ This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
DisableOneDriveFileSync
@@ -35902,7 +35249,7 @@ The options are:
- This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Microsoft Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
+ This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
@@ -35965,6 +35312,30 @@ The options are:
+
+ LimitEnhancedDiagnosticDataWindowsAnalytics
+
+
+
+
+
+
+
+ This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced) When you configure these policy settings, a Basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: https://go.microsoft.com/fwlink/?linkid=847594. Enabling Enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional Enhanced level telemetry data. This setting has no effect on computers configured to send Full, Basic or Security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy.
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+
TelemetryProxy
@@ -38467,6 +37838,7 @@ The options are:
text/plain
+
desktop
LowestValueMostSecure
@@ -38491,6 +37863,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -38514,6 +37887,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -38557,6 +37931,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -38580,6 +37955,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -38603,6 +37979,7 @@ The options are:
text/plain
+
LastWrite
@@ -38760,6 +38137,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -38806,6 +38184,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -38829,6 +38208,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -38853,6 +38233,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -38876,6 +38257,7 @@ The options are:
text/plain
+
desktop
LowestValueMostSecure
@@ -38924,6 +38306,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -38947,6 +38330,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -38970,6 +38354,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -39789,6 +39174,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -39813,6 +39199,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -39836,6 +39223,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -39860,6 +39248,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -40004,6 +39393,7 @@ The options are:
text/plain
+
LastWrite
@@ -40047,6 +39437,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -40070,6 +39461,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -40093,6 +39485,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -40182,6 +39575,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -40206,6 +39600,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -40229,6 +39624,7 @@ The options are:
text/plain
+
desktop
LowestValueMostSecure
@@ -40276,6 +39672,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -40300,6 +39697,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -40323,6 +39721,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -40347,6 +39746,7 @@ The options are:
text/plain
+
phone
HighestValueMostSecure
@@ -40371,6 +39771,7 @@ The options are:
text/plain
+
phone
HighestValueMostSecure
@@ -40395,6 +39796,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -40422,6 +39824,7 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
text/plain
+
LowestValueMostSecure
@@ -40445,6 +39848,7 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
text/plain
+
LowestValueMostSecure
@@ -40468,6 +39872,7 @@ If you disable this setting, the Microsoft Compatibility List will not be used d
text/plain
+
phone
LowestValueMostSecure
@@ -40497,6 +39902,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+
LowestValueMostSecure
@@ -40520,6 +39926,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+
LowestValueMostSecure
@@ -40543,6 +39950,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+
LowestValueMostSecure
@@ -40566,6 +39974,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+
LowestValueMostSecure
@@ -40589,6 +39998,7 @@ This policy will only apply on domain joined machines or when the device is MDM
text/plain
+
phone
LowestValueMostSecure
@@ -40647,6 +40057,7 @@ This setting can only be used with domain-joined or MDM-enrolled devices. For mo
text/plain
+
phone
LowestValueMostSecure
@@ -40779,6 +40190,7 @@ If you disable or don't configure this setting (default), employees can add, imp
text/plain
+
LowestValueMostSecure
@@ -40802,6 +40214,7 @@ If you disable or don't configure this setting (default), employees can add, imp
text/plain
+
HighestValueMostSecure
@@ -40827,6 +40240,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
HighestValueMostSecure
@@ -40853,6 +40267,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
HighestValueMostSecure
@@ -40876,6 +40291,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
HighestValueMostSecure
@@ -40899,6 +40315,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
HighestValueMostSecure
@@ -40922,6 +40339,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
HighestValueMostSecure
@@ -40975,6 +40393,7 @@ If you disable or don't configure this setting, employees will see the favorites
text/plain
+
phone
HighestValueMostSecure
@@ -41028,6 +40447,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
HighestValueMostSecure
@@ -41052,6 +40472,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LowestValueMostSecure
@@ -41096,6 +40517,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -41148,7 +40570,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
@@ -41172,7 +40594,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to cellular data. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
@@ -41196,7 +40618,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the cellular data access setting for the listed apps. This setting overrides the default LetAppsAccessCellularData policy setting for the specified apps.
@@ -41280,6 +40702,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -41349,6 +40772,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -41372,6 +40796,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
desktop
LowestValueMostSecure
@@ -41396,6 +40821,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
desktop
LowestValueMostSecure
@@ -41420,6 +40846,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -41443,6 +40870,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -41679,13 +41107,13 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- EnableWindowsAutoPilotResetCredentials
+ DisableAutomaticReDeploymentCredentials
- 0
+ 1
@@ -41698,7 +41126,8 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
- LowestValueMostSecure
+
+ HighestValueMostSecure
@@ -41881,6 +41310,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
LowestValueMostSecure
@@ -42431,6 +41861,54 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
LastWrite
+
+ ControlledFolderAccessAllowedApplications
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
+
+
+
+ ControlledFolderAccessProtectedFolders
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+ phone
+ LastWrite
+
+
DaysToRetainCleanedMalware
@@ -42456,7 +41934,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
- EnableGuardMyFolders
+ EnableControlledFolderAccess
@@ -42575,54 +42053,6 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
LastWrite
-
- GuardedFoldersAllowedApplications
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- LastWrite
-
-
-
- GuardedFoldersList
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- LastWrite
-
-
PUAProtection
@@ -42903,6 +42333,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LowestValueMostSecure
@@ -42951,6 +42382,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LastWrite
@@ -43307,6 +42739,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
HighestValueMostSecure
@@ -43331,6 +42764,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
LowestValueMostSecureZeroHasNoLimits
@@ -43355,6 +42789,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
phone
HighestValueMostSecure
@@ -43473,6 +42908,7 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
text/plain
+
desktop
LowestValueMostSecure
@@ -44247,6 +43683,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
desktop
LowestValueMostSecure
@@ -44271,6 +43708,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
LowestValueMostSecure
@@ -44294,6 +43732,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
LowestValueMostSecure
@@ -44317,6 +43756,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
LowestValueMostSecure
@@ -44340,6 +43780,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
LowestValueMostSecure
@@ -44363,6 +43804,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
LowestValueMostSecure
@@ -44386,6 +43828,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
LowestValueMostSecure
@@ -44409,6 +43852,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
LowestValueMostSecure
@@ -44432,6 +43876,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
HighestValueMostSecure
@@ -44455,6 +43900,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
LowestValueMostSecure
@@ -44478,6 +43924,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
desktop
LowestValueMostSecure
@@ -44502,6 +43949,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
desktop
LowestValueMostSecure
@@ -44526,6 +43974,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
phone
LowestValueMostSecure
@@ -44636,6 +44085,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
LowestValueMostSecure
@@ -44679,6 +44129,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
phone
LowestValueMostSecure
@@ -45486,33 +44937,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
LastWrite
-
- DisableBlockingOfOutdatedActiveXControls
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~SecurityFeatures~IESF_AddOnManagement
- VerMgmtDisable
- LastWrite
-
-
DisableBypassOfSmartScreenWarnings
@@ -47025,33 +46449,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
LastWrite
-
- InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyUnsignedFrameworkComponentsURLaction_1
- LastWrite
-
-
InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode
@@ -47133,33 +46530,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
LastWrite
-
- InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_InternetZone
- IZ_PolicyZoneElevationURLaction_1
- LastWrite
-
-
IntranetZoneAllowAccessToDataSources
@@ -47457,33 +46827,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
LastWrite
-
- IntranetZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_IntranetZone
- IZ_PolicyScriptActiveXNotMarkedSafe_3
- LastWrite
-
-
IntranetZoneJavaPermissions
@@ -50616,33 +49959,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
LastWrite
-
- RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
- IZ_PolicyNavigateSubframesAcrossDomains_7
- LastWrite
-
-
RestrictedSitesZoneRunActiveXControlsAndPlugins
@@ -50778,33 +50094,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
LastWrite
-
- RestrictedSitesZoneTurnOnCrossSiteScriptingFilter
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_RestrictedSitesZone
- IZ_PolicyTurnOnXSSFilter_Both_Restricted
- LastWrite
-
-
RestrictedSitesZoneTurnOnProtectedMode
@@ -51264,33 +50553,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
LastWrite
-
- TrustedSitesZoneDontRunAntimalwareProgramsAgainstActiveXControls
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
- IZ_PolicyAntiMalwareCheckingOfActiveXControls_5
- LastWrite
-
-
TrustedSitesZoneInitializeAndScriptActiveXControls
@@ -51318,60 +50580,6 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
LastWrite
-
- TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedAsSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
- IZ_PolicyScriptActiveXNotMarkedSafe_5
- LastWrite
-
-
-
- TrustedSitesZoneInitializeAndScriptActiveXControlsNotMarkedSafe
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- inetres.admx
- inetres~AT~WindowsComponents~InternetExplorer~InternetCPL~IZ_SecurityPage~IZ_TrustedSitesZone
- IZ_PolicyScriptActiveXNotMarkedSafe_5
- LastWrite
-
-
TrustedSitesZoneJavaPermissions
@@ -51621,6 +50829,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
phone
LowestValueMostSecure
@@ -51645,6 +50854,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
text/plain
+
phone
LowestValueMostSecure
@@ -51695,6 +50905,7 @@ If you disable or do not configure this policy (recommended), users will be able
text/plain
+
phone
LastWrite
@@ -52186,66 +51397,6 @@ Default: No message.
LastWrite
-
- NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccountsAndShares
-
-
-
-
- Network access: Do not allow anonymous enumeration of SAM accounts and shares
-
-This security setting determines whether anonymous enumeration of SAM accounts and shares is allowed.
-
-Windows allows anonymous users to perform certain activities, such as enumerating the names of domain accounts and network shares. This is convenient, for example, when an administrator wants to grant access to users in a trusted domain that does not maintain a reciprocal trust. If you do not want to allow anonymous enumeration of SAM accounts and shares, then enable this policy.
-
-Default: Disabled.
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- LastWrite
-
-
-
- NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
-
-
-
-
- Network access: Restrict anonymous access to Named Pipes and Shares
-
-When enabled, this security setting restricts anonymous access to shares and pipes to the settings for:
-
-Network access: Named pipes that can be accessed anonymously
-Network access: Shares that can be accessed anonymously
-Default: Enabled.
- 1
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- LastWrite
-
-
NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
@@ -52302,34 +51453,6 @@ This policy will be turned off by default on domain joined machines. This would
LastWrite
-
- RecoveryConsole_AllowAutomaticAdministrativeLogon
-
-
-
-
- Recovery console: Allow automatic administrative logon
-
-This security setting determines if the password for the Administrator account must be given before access to the system is granted. If this option is enabled, the Recovery Console does not require you to provide a password, and it automatically logs on to the system.
-
-Default: This policy is not defined and automatic administrative logon is not allowed.
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
- LastWrite
-
-
Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
@@ -52494,6 +51617,7 @@ The options are:
text/plain
+
phone
LastWrite
@@ -52811,6 +51935,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -52855,6 +51980,7 @@ The options are:
text/plain
+
LastWrite
@@ -52878,6 +52004,7 @@ The options are:
text/plain
+
LastWrite
@@ -52907,7 +52034,7 @@ The options are:
-
+ This policy setting allows backup and restore of cellular text messages to Microsoft's cloud services.
1
@@ -52921,7 +52048,6 @@ The options are:
text/plain
- desktop
LowestValueMostSecure
@@ -52931,7 +52057,7 @@ The options are:
-
+ This policy setting allows you to enable or disable the sending and receiving cellular MMS messages.
1
@@ -52955,7 +52081,7 @@ The options are:
-
+ This policy setting allows you to enable or disable the sending and receiving of cellular RCS (Rich Communication Services) messages.
1
@@ -53554,6 +52680,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -53577,6 +52704,7 @@ The options are:
text/plain
+
10.0.10240
LowestValueMostSecure
@@ -53601,6 +52729,7 @@ The options are:
text/plain
+
LowestValueMostSecureZeroHasNoLimits
@@ -53624,6 +52753,7 @@ The options are:
text/plain
+
HighestValueMostSecure
@@ -53941,7 +53071,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -53965,7 +53095,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -53989,7 +53119,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
@@ -54036,7 +53166,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -54060,7 +53190,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -54084,7 +53214,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
@@ -54131,7 +53261,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -54155,7 +53285,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -54179,7 +53309,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
@@ -54226,7 +53356,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -54250,7 +53380,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -54274,7 +53404,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
@@ -54321,7 +53451,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -54345,7 +53475,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -54369,7 +53499,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
@@ -54416,7 +53546,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -54440,7 +53570,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -54464,7 +53594,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
@@ -54511,7 +53641,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -54535,7 +53665,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -54559,7 +53689,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
@@ -54606,7 +53736,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -54630,7 +53760,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -54654,7 +53784,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
@@ -54701,7 +53831,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -54725,7 +53855,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -54749,7 +53879,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
@@ -54796,7 +53926,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -54820,7 +53950,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -54844,7 +53974,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
@@ -54891,7 +54021,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -54915,7 +54045,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -54939,7 +54069,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
@@ -54986,7 +54116,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -55010,7 +54140,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -55034,7 +54164,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
@@ -55271,7 +54401,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -55295,7 +54425,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not be allowed to communicate with unpaired wireless devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -55319,7 +54449,7 @@ The options are:
- List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+ List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'Communicate with unpaired wireless devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
@@ -55357,6 +54487,7 @@ The options are:
text/plain
+
HighestValueMostSecure
@@ -56441,6 +55572,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -56464,6 +55596,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -56487,6 +55620,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -56715,6 +55849,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -56738,6 +55873,7 @@ The options are:
text/plain
+
desktop
LowestValueMostSecure
@@ -56762,6 +55898,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -56785,6 +55922,7 @@ The options are:
text/plain
+
desktop
LowestValueMostSecure
@@ -56809,6 +55947,7 @@ The options are:
text/plain
+
phone
HighestValueMostSecure
@@ -56945,6 +56084,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -56969,6 +56109,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -56992,6 +56133,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57015,6 +56157,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57038,10 +56181,35 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
+
+ AllowOnlineTips
+
+
+
+
+
+ 1
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ LowestValueMostSecure
+
+
AllowPowerSleep
@@ -57062,6 +56230,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57086,6 +56255,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57110,6 +56280,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57134,6 +56305,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57157,6 +56329,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57181,6 +56354,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57247,6 +56421,7 @@ The options are:
text/plain
+
phone
HighestValueMostSecure
@@ -57271,6 +56446,7 @@ The options are:
text/plain
+
phone
HighestValueMostSecure
@@ -57295,6 +56471,7 @@ The options are:
text/plain
+
phone
HighestValueMostSecure
@@ -57339,6 +56516,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57382,6 +56560,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57406,6 +56585,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57430,6 +56610,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57454,6 +56635,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57478,6 +56660,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57502,6 +56685,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57526,6 +56710,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57550,6 +56735,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57574,6 +56760,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57598,6 +56785,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57670,6 +56858,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57693,6 +56882,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57717,6 +56907,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57740,30 +56931,7 @@ The options are:
text/plain
- LowestValueMostSecure
-
-
-
- HidePeopleBar
-
-
-
-
- Enabling this policy removes the people icon from the taskbar as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar.
- 0
-
-
-
-
-
-
-
-
-
-
- text/plain
-
- phone
+
LowestValueMostSecure
@@ -57787,6 +56955,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57810,6 +56979,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57834,6 +57004,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -57858,6 +57029,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57881,6 +57053,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57904,6 +57077,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57927,6 +57101,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57950,6 +57125,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -57973,6 +57149,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -58020,6 +57197,7 @@ The options are:
text/plain
+
phone
HighestValueMostSecure
@@ -58182,6 +57360,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -58228,6 +57407,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -58274,6 +57454,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -58320,6 +57501,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -58351,12 +57533,12 @@ The options are:
- DisableOneDriveFileSync
+ DisableEnterpriseAuthProxy
- This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Microsoft Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
+ This policy setting blocks the Connected User Experience and Telemetry service from automatically using an authenticated proxy to send data back to Microsoft on Windows 10. If you disable or do not configure this policy setting, the Connected User Experience and Telemetry service will automatically use an authenticated proxy to send data back to Microsoft. Enabling this policy will block the Connected User Experience and Telemetry service from automatically using an authenticated proxy.
0
@@ -58370,6 +57552,30 @@ The options are:
text/plain
+ LastWrite
+
+
+
+ DisableOneDriveFileSync
+
+
+
+
+ This policy setting lets you prevent apps and features from working with files on OneDrive. If you enable this policy setting: users can’t access OneDrive from the OneDrive app and file picker; Windows Store apps can’t access OneDrive using the WinRT API; OneDrive doesn’t appear in the navigation pane in File Explorer; OneDrive files aren’t kept in sync with the cloud; Users can’t automatically upload photos and videos from the camera roll folder. If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
HighestValueMostSecure
@@ -58423,6 +57629,30 @@ The options are:
LastWrite
+
+ LimitEnhancedDiagnosticDataWindowsAnalytics
+
+
+
+
+ This policy setting, in combination with the Allow Telemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must complete two steps: 1. Enable this policy setting 2. Set Allow Telemetry to level 2 (Enhanced) When you configure these policy settings, a Basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented here: https://go.microsoft.com/fwlink/?linkid=847594. Enabling Enhanced diagnostic data in the Allow Telemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional Enhanced level telemetry data. This setting has no effect on computers configured to send Full, Basic or Security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the Allow Telemetry policy.
+ 0
+
+
+
+
+
+
+
+
+
+
+ text/plain
+
+
+ LowestValueMostSecure
+
+
TelemetryProxy
@@ -58486,6 +57716,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -58510,6 +57741,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -58534,6 +57766,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -58582,6 +57815,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -58606,6 +57840,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -58630,6 +57865,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -58654,6 +57890,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -58677,6 +57914,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -58792,6 +58030,7 @@ The options are:
text/plain
+
desktop
LowestValueMostSecure
@@ -58975,6 +58214,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -58998,6 +58238,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -59044,6 +58285,7 @@ The options are:
text/plain
+
LastWrite
@@ -59090,6 +58332,7 @@ The options are:
text/plain
+
LastWrite
@@ -59366,6 +58609,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -59389,6 +58633,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -59780,6 +59025,7 @@ The options are:
text/plain
+
LastWrite
@@ -59803,6 +59049,7 @@ The options are:
text/plain
+
LastWrite
@@ -59939,6 +59186,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -59962,6 +59210,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -59985,6 +59234,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -60008,6 +59258,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -60031,6 +59282,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -60453,6 +59705,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -60575,6 +59828,7 @@ The options are:
text/plain
+
HighestValueMostSecure
@@ -60618,6 +59872,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -60641,6 +59896,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -60666,6 +59922,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -60691,6 +59948,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -60716,6 +59974,7 @@ The options are:
text/plain
+
phone
LowestValueMostSecure
@@ -60742,6 +60001,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -60765,6 +60025,7 @@ The options are:
text/plain
+
LowestValueMostSecure
@@ -60790,6 +60051,7 @@ The options are:
text/plain
+
LowestValueMostSecure