From 1b11ab27bb6b6b8e5f54357741e8829e0936284e Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 09:44:30 -0700 Subject: [PATCH 1/9] added policy: Update/AutoRestartDeadlinePeriodInDays; restored SKU support for Update/ActiveHoursMaxRange; --- .../policy-configuration-service-provider.md | 58 +++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 5b81c0026b..d27e3b21f3 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -17475,6 +17475,29 @@ ADMX Info: **Update/ActiveHoursMaxRange** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
+ + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -17528,6 +17551,41 @@ ADMX Info:

The default value is 8 (8 AM). + + + +**Update/AutoRestartDeadlinePeriodInDays** + + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcheck mark2
+ + + +

Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory. + +

Supported values are 2-30 days. + +

The default value is 7 days. + From 789162afe8deb0e394708b76601ed3fa94ef1e90 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 11:20:37 -0700 Subject: [PATCH 2/9] restored SKU support for Browser/ policies --- .../policy-configuration-service-provider.md | 207 ++++++++++++++++++ 1 file changed, 207 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d27e3b21f3..d5d894f1dc 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1973,6 +1973,29 @@ ADMX Info: **Browser/AllowAddressBarDropdown** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality.  @@ -2358,6 +2381,29 @@ ADMX Info: **Browser/AllowMicrosoftCompatibilityList** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
+ +

Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". @@ -2466,6 +2512,29 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis **Browser/AllowSearchEngineCustomization** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
+ +

Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine.     @@ -2566,6 +2635,29 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis **Browser/ClearBrowsingDataOnExit** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
+ +

Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge. @@ -2587,6 +2679,29 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis **Browser/ConfigureAdditionalSearchEngines** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
+ +

Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices.    @@ -2610,6 +2725,29 @@ Employees cannot remove these search engines, but they can set any one as the de **Browser/DisableLockdownOfStartPages** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcross mark
+ +

Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect.     @@ -2819,6 +2957,29 @@ Employees cannot remove these search engines, but they can set any one as the de **Browser/PreventFirstRunPage** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
+ +

Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening. @@ -2834,6 +2995,29 @@ Employees cannot remove these search engines, but they can set any one as the de **Browser/PreventLiveTileDataCollection** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
+ +

Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. @@ -3005,6 +3189,29 @@ Employees cannot remove these search engines, but they can set any one as the de **Browser/SetDefaultSearchEngine** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2check mark2check mark2
+ +

Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy. From 547aadb14b15ea00a02a1094430ec22371ce1f3b Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 11:27:48 -0700 Subject: [PATCH 3/9] restored SKU support for Experience/ policies --- .../policy-configuration-service-provider.md | 69 +++++++++++++++++++ 1 file changed, 69 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index d5d894f1dc..bee9969b4a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -7320,6 +7320,29 @@ ADMX Info: **Experience/AllowTailoredExperiencesWithDiagnosticData** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcross mark
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -7555,6 +7578,29 @@ ADMX Info: **Experience/AllowWindowsSpotlightOnActionCenter** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck mark2check mark2check mark2cross markcross mark
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. @@ -7573,6 +7619,29 @@ ADMX Info: **Experience/AllowWindowsSpotlightWindowsWelcomeExperience** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcheck mark2check mark2check mark2cross markcross mark
+ + > [!NOTE] > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile. From d4f21c8802e4873ab4eb14f60f201718d08e4291 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 11:31:12 -0700 Subject: [PATCH 4/9] restored SKU support for Messaging/ policies --- .../policy-configuration-service-provider.md | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bee9969b4a..4e459d714c 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -11502,6 +11502,29 @@ ADMX Info: **Messaging/AllowMMS** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcross markcross markcross markcheck mark2check mark2
+ + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. @@ -11554,6 +11577,29 @@ ADMX Info: **Messaging/AllowRCS** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcross markcross markcross markcheck mark2check mark2
+ + > [!NOTE] > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. From df2d1d9f320062909062f8e1c37d01b5e070321c Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 11:43:36 -0700 Subject: [PATCH 5/9] restored SKU support for TimeLang policy --- .../policy-configuration-service-provider.md | 23 +++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 07c3129d51..124d77c37e 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -18487,6 +18487,29 @@ ADMX Info: **TimeLanguageSettings/AllowSet24HourClock** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcross markcross markcross markcross markcheck mark2check mark2
+ +

Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting. From 9bb3aeabf33153a6c5a5b772e29146f044bb69a5 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 11:49:19 -0700 Subject: [PATCH 6/9] restored SKU support for Update/ policies --- .../policy-configuration-service-provider.md | 184 ++++++++++++++++++ 1 file changed, 184 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 124d77c37e..ff951b9536 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -18864,6 +18864,29 @@ ADMX Info: **Update/AutoRestartNotificationSchedule** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
+ + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -18880,6 +18903,29 @@ ADMX Info: **Update/AutoRestartRequiredNotificationDismissal** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
+ + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19189,6 +19235,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/EngagedRestartDeadline** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
+ + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19205,6 +19274,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/EngagedRestartSnoozeSchedule** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
+ + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19221,6 +19313,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/EngagedRestartTransitionSchedule** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
+ + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19693,6 +19808,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/ScheduleImminentRestartWarning** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
+ + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19709,6 +19847,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/ScheduleRestartWarning** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2check mark2cross markcheck mark2
+ + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise @@ -19818,6 +19979,29 @@ If a machine has Microsoft Update enabled, any Microsoft Updates in these catego **Update/SetAutoRestartNotificationDisable** + + + + + + + + + + + + + + + + + + + + +
HomeProBusinessEnterpriseEducationMobileMobileEnterprise
cross markcheck mark2check mark2check mark2cross markcheck mark2
+ + > [!NOTE] > This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise From 243339f40b5499c08276657b5715c2ad5dcc6036 Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 12:28:52 -0700 Subject: [PATCH 7/9] updated June's change history table to include 11 new RS2 policies --- ...new-in-windows-mdm-enrollment-management.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 96d9601963..862d300bf8 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -1201,6 +1201,24 @@ Also Added [Firewall DDF file](firewall-ddf-file.md). [TPMPolicy CSP](tpmpolicy-csp.md) New CSP added in Windows 10, version 1703. + +[Policy CSP](policy-configuration-service-provider.md) + +

Added the following new policies for Windows 10, version 1703:

+ + From 65d4f8713b3db49a769493bf292a5c43abf866ca Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 12:30:49 -0700 Subject: [PATCH 8/9] updated 1703 table to include 11 new RS2 policies --- .../mdm/new-in-windows-mdm-enrollment-management.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 862d300bf8..bd6600df91 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -82,7 +82,18 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • DataProtection/RevokeOnUnenroll
  • DeviceLock/DevicePasswordExpiration
  • DeviceLock/DevicePasswordHistory
    • +
  • Start/AllowPinnedFolderDocuments
    • +
  • Start/AllowPinnedFolderDownloads
    • +
  • Start/AllowPinnedFolderFileExplorer
    • +
  • Start/AllowPinnedFolderHomeGroup
    • +
  • Start/AllowPinnedFolderMusic
    • +
  • Start/AllowPinnedFolderNetwork
    • +
  • Start/AllowPinnedFolderPersonalFolder
    • +
  • Start/AllowPinnedFolderPictures
    • +
  • Start/AllowPinnedFolderSettings
    • +
  • Start/AllowPinnedFolderVideos
  • TextInput/AllowInputPanel
    • +
  • Update/AutoRestartDeadlinePeriodInDays
  • Update/PauseDeferrals
  • Update/RequireDeferUpdate
  • Update/RequireUpdateApproval
    • From 08e44781acfa5f55f21c5f7ac1f69231637e79ec Mon Sep 17 00:00:00 2001 From: Nick Brower Date: Fri, 9 Jun 2017 15:39:16 -0700 Subject: [PATCH 9/9] moved new policies to correct change history table (1703) --- ...ew-in-windows-mdm-enrollment-management.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index bd6600df91..6c95a92a67 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -82,18 +82,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • DataProtection/RevokeOnUnenroll
  • DeviceLock/DevicePasswordExpiration
  • DeviceLock/DevicePasswordHistory
    • -
  • Start/AllowPinnedFolderDocuments
    • -
  • Start/AllowPinnedFolderDownloads
    • -
  • Start/AllowPinnedFolderFileExplorer
    • -
  • Start/AllowPinnedFolderHomeGroup
    • -
  • Start/AllowPinnedFolderMusic
    • -
  • Start/AllowPinnedFolderNetwork
    • -
  • Start/AllowPinnedFolderPersonalFolder
    • -
  • Start/AllowPinnedFolderPictures
    • -
  • Start/AllowPinnedFolderSettings
    • -
  • Start/AllowPinnedFolderVideos
  • TextInput/AllowInputPanel
    • -
  • Update/AutoRestartDeadlinePeriodInDays
  • Update/PauseDeferrals
  • Update/RequireDeferUpdate
  • Update/RequireUpdateApproval
    • @@ -653,6 +642,16 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • SmartScreen/EnableAppInstallControl
  • SmartScreen/EnableSmartScreenInShell
  • SmartScreen/PreventOverrideForFilesInShell
    • +
  • Start/AllowPinnedFolderDocuments
    • +
  • Start/AllowPinnedFolderDownloads
    • +
  • Start/AllowPinnedFolderFileExplorer
    • +
  • Start/AllowPinnedFolderHomeGroup
    • +
  • Start/AllowPinnedFolderMusic
    • +
  • Start/AllowPinnedFolderNetwork
    • +
  • Start/AllowPinnedFolderPersonalFolder
    • +
  • Start/AllowPinnedFolderPictures
    • +
  • Start/AllowPinnedFolderSettings
    • +
  • Start/AllowPinnedFolderVideos
  • Start/HideAppList
  • Start/HideChangeAccountSettings
  • Start/HideFrequentlyUsedApps
    • @@ -674,6 +673,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
  • TextInput/AllowKeyboardTextSuggestions
  • TimeLanguageSettings/AllowSet24HourClock
  • Update/ActiveHoursMaxRange
    • +
  • Update/AutoRestartDeadlinePeriodInDays
  • Update/AutoRestartNotificationSchedule
  • Update/AutoRestartNotificationStyle
  • Update/AutoRestartRequiredNotificationDismissal