From 8881009b80dca51e04bf003a42bbfb1ad7b45f5f Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Thu, 27 Apr 2023 10:15:45 -0400 Subject: [PATCH] CSP Changes draft --- windows/client-management/mdm/defender-csp.md | 6 +- .../mdm/enterprisemodernappmanagement-csp.md | 140 +++++++++++++++++- .../mdm/passportforwork-csp.md | 18 +-- .../client-management/mdm/policy-csp-audit.md | 4 +- .../mdm/policy-csp-defender.md | 17 ++- .../mdm/policy-csp-deviceinstallation.md | 4 +- .../mdm/policy-csp-internetexplorer.md | 20 +-- .../mdm/policy-csp-kerberos.md | 3 +- .../mdm/policy-csp-mixedreality.md | 24 +-- .../mdm/policy-csp-privacy.md | 10 +- .../mdm/policy-csp-tenantrestrictions.md | 4 +- .../mdm/policy-csp-update.md | 38 ++--- windows/client-management/mdm/supl-csp.md | 4 +- windows/client-management/mdm/vpnv2-csp.md | 24 +-- 14 files changed, 223 insertions(+), 93 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 7550924275..4f3b9bb084 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -4,7 +4,7 @@ description: Learn more about the Defender CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2481,7 +2481,7 @@ Information about the current status of the threat. The following list shows the | 7 | Removed | | 8 | Cleaned | | 9 | Allowed | -| 10 | No Status (Cleared) | +| 10 | No Status ( Cleared) | @@ -3676,7 +3676,7 @@ OfflineScan action starts a Microsoft Defender Offline scan on the computer wher -RollbackEngine action rolls back Microsoft Defender engine to its last known good saved version on the computer where you run the command. +RollbackEngine action rolls back Microsoft Defender engine to it's last known good saved version on the computer where you run the command. diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md index 726ff88fb1..9d5ec3342a 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md @@ -4,7 +4,7 @@ description: Learn more about the EnterpriseModernAppManagement CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -17,6 +17,7 @@ ms.topic: reference # EnterpriseModernAppManagement CSP + The EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps. For details about how to use this CSP to for reporting apps inventory, installation and removal of apps for users, provisioning apps to devices, and managing app licenses, see [Enterprise app management](../enterprise-app-management.md). > [!NOTE] @@ -273,6 +274,7 @@ Used to perform app installation. + This is a required node. @@ -312,6 +314,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + This is an optional node. > [!NOTE] @@ -329,6 +332,7 @@ This is an optional node. + **Example**: Here's an example for uninstalling an app: @@ -374,6 +378,7 @@ Command to perform an install of an app package from a hosted location (this can + This is a required node. The following list shows the supported deployment options: - ForceApplicationShutdown @@ -424,6 +429,7 @@ Last error relating to the app installation. + > [!NOTE] > This element isn't present after the app is installed. @@ -464,6 +470,7 @@ Description of last error relating to the app installation. + > [!NOTE] > This element isn't present after the app is installed. @@ -504,6 +511,7 @@ An integer the indicates the progress of the app installation. For https locatio + > [!NOTE] > This element isn't present after the app is installed. @@ -544,6 +552,7 @@ Status of app installation. The following values are returned: NOT_INSTALLED (0) + > [!NOTE] > This element isn't present after the app is installed. @@ -662,6 +671,7 @@ Used to manage licenses for store apps. + This is a required node. @@ -701,6 +711,7 @@ License ID for a store installed app. The license ID is generally the PFN of the + This is an optional node. @@ -741,6 +752,7 @@ Command to add license. + This is a required node. @@ -780,6 +792,7 @@ Command to get license from the store. + This is a required node. @@ -936,6 +949,7 @@ Used for inventory and app management (post-install). + This is a required node. @@ -975,6 +989,7 @@ Specifies the query for app inventory. + This is a required node. Query parameters: - Output - Specifies the parameters for the information returned in AppInventoryResults operation. Multiple value must be separate by |. Valid values are: @@ -1016,6 +1031,7 @@ This is a required node. Query parameters: + **Example**: The following example sets the inventory query for the package names and checks the status for reinstallation for all main packages that are nonStore apps. @@ -1057,6 +1073,7 @@ Returns the results for app inventory that was created after the AppInventoryQue + This is a required node. @@ -1070,6 +1087,7 @@ This is a required node. + **Example**: Here's an example of AppInventoryResults operation. @@ -1108,6 +1126,7 @@ Here's an example of AppInventoryResults operation. + This is a required node. Used for managing apps from the Microsoft Store. @@ -1147,6 +1166,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + > [!NOTE] > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. @@ -1162,6 +1182,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + **Example**: Here's an example for uninstalling an app: @@ -1247,6 +1268,7 @@ Architecture of installed package. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -1287,6 +1309,7 @@ Date the app was installed. Value type is string. + This is a required node. @@ -1326,6 +1349,7 @@ Install location of the app on the device. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -1405,6 +1429,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 + > [!NOTE] > Not applicable to XAP files. @@ -1484,6 +1509,7 @@ This node is used to identify whether the package is a stub package. A stub pack + The value is 1 if the package is a stub package and 0 (zero) for all other cases. @@ -1562,6 +1588,7 @@ Provides information about the status of the package. Value type is int. Valid v + > [!NOTE] > Not applicable to XAP files. @@ -1641,6 +1668,7 @@ Specifies whether the package state has changed and requires a reinstallation of + This is a required node. > [!NOTE] @@ -1683,6 +1711,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta + > [!NOTE] > Not applicable to XAP files. @@ -1723,6 +1752,7 @@ Registered users of the app and the package install state. If the query is at th + This is a required node. Possible values: - 0 = Not Installed @@ -1806,6 +1836,7 @@ Specifies whether you want to block a specific app from being updated via auto-u + This is a required node. @@ -1854,6 +1885,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the + Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins). | Applicability Setting | CSP state | Result | @@ -1909,6 +1941,7 @@ This setting allows the IT admin to set an app to be nonremovable, or unable to + NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults. @@ -1931,6 +1964,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev + **Examples**: - Add an app to the nonremovable app policy list @@ -2019,6 +2053,7 @@ Interior node for the managing updates through the Microsoft Store. These settin + > [!NOTE] > ReleaseManagement settings only apply to updates through the Microsoft Store. @@ -2294,6 +2329,7 @@ Reports the last error code returned by the update scan. + This is a required node. @@ -2332,6 +2368,7 @@ This is a required node. + Used to manage enterprise apps or developer apps that weren't acquired from the Microsoft Store. @@ -2371,6 +2408,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + > [!NOTE] > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. @@ -2386,6 +2424,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + **Example**: Here's an example for uninstalling an app: @@ -2471,6 +2510,7 @@ Architecture of installed package. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -2511,6 +2551,7 @@ Date the app was installed. Value type is string. + This is a required node. @@ -2550,6 +2591,7 @@ Install location of the app on the device. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -2629,6 +2671,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 + > [!NOTE] > Not applicable to XAP files. @@ -2708,6 +2751,7 @@ This node is used to identify whether the package is a stub package. A stub pack + The value is 1 if the package is a stub package and 0 (zero) for all other cases. @@ -2786,6 +2830,7 @@ Provides information about the status of the package. Value type is int. Valid v + > [!NOTE] > Not applicable to XAP files. @@ -2865,6 +2910,7 @@ Specifies whether the package state has changed and requires a reinstallation of + This is a required node. > [!NOTE] @@ -2907,6 +2953,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta + > [!NOTE] > Not applicable to XAP files. @@ -2947,6 +2994,7 @@ Registered users of the app and the package install state. If the query is at th + This is a required node. Possible values: - 0 = Not Installed @@ -3030,6 +3078,7 @@ Specifies whether you want to block a specific app from being updated via auto-u + This is a required node. @@ -3078,6 +3127,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the + Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins). | Applicability Setting | CSP state | Result | @@ -3133,6 +3183,7 @@ This setting allows the IT admin to set an app to be nonremovable, or unable to + NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults. @@ -3155,6 +3206,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev + **Examples**: - Add an app to the nonremovable app policy list @@ -3555,6 +3607,7 @@ Used to restore the Windows app to its initial configuration. + Reports apps installed as part of the operating system. @@ -3594,6 +3647,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + > [!NOTE] > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. @@ -3675,6 +3729,7 @@ Architecture of installed package. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -3715,6 +3770,7 @@ Date the app was installed. Value type is string. + This is a required node. @@ -3754,6 +3810,7 @@ Install location of the app on the device. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -3833,6 +3890,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 + > [!NOTE] > Not applicable to XAP files. @@ -3912,6 +3970,7 @@ This node is used to identify whether the package is a stub package. A stub pack + The value is 1 if the package is a stub package and 0 (zero) for all other cases. @@ -3990,6 +4049,7 @@ Provides information about the status of the package. Value type is int. Valid v + > [!NOTE] > Not applicable to XAP files. @@ -4069,6 +4129,7 @@ Specifies whether the package state has changed and requires a reinstallation of + This is a required node. > [!NOTE] @@ -4111,6 +4172,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta + > [!NOTE] > Not applicable to XAP files. @@ -4151,6 +4213,7 @@ Registered users of the app and the package install state. If the query is at th + This is a required node. - 0 = Not Installed @@ -4766,6 +4829,7 @@ Specifies whether you want to block a specific app from being updated via auto-u + This is a required node. @@ -4814,6 +4878,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the + Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins). | Applicability Setting | CSP state | Result | @@ -4869,6 +4934,7 @@ This setting allows the IT admin to set an app to be nonremovable, or unable to + NonRemovable requires admin permission. This setting can only be defined per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults. @@ -4891,6 +4957,7 @@ NonRemovable requires admin permission. This setting can only be defined per dev + **Examples**: - Add an app to the nonremovable app policy list @@ -5253,6 +5320,7 @@ Used to start the Windows Update scan. + This is a required node. @@ -5331,6 +5399,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + > [!NOTE] > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. @@ -5346,6 +5415,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + **Example**: Here's an example for uninstalling an app: @@ -5391,6 +5461,7 @@ Command to perform an install of an app package from a hosted location (this can + This is a required node. The following list shows the supported deployment options: - ForceApplicationShutdown @@ -5441,6 +5512,7 @@ Last error relating to the app installation. + > [!NOTE] > This element isn't present after the app is installed. @@ -5481,6 +5553,7 @@ Description of last error relating to the app installation. + > [!NOTE] > This element isn't present after the app is installed. @@ -5521,6 +5594,7 @@ An integer the indicates the progress of the app installation. For https locatio + > [!NOTE] > This element isn't present after the app is installed. @@ -5561,6 +5635,7 @@ Status of app installation. The following values are returned: NOT_INSTALLED (0) + > [!NOTE] > This element isn't present after the app is installed. @@ -5718,6 +5793,7 @@ License ID for a store installed app. The license ID is generally the PFN of the + This is an optional node. @@ -5758,6 +5834,7 @@ Command to add license. + This is a required node. @@ -5797,6 +5874,7 @@ Command to get license from the store. + This is a required node. @@ -5992,6 +6070,7 @@ Specifies the query for app inventory. + This is a required node. Query parameters: - Output - Specifies the parameters for the information returned in AppInventoryResults operation. Multiple value must be separate by |. Valid values are: @@ -6031,6 +6110,7 @@ This is a required node. Query parameters: + **Example**: The following example sets the inventory query for the package names and checks the status for reinstallation for all main packages that are nonStore apps. @@ -6072,6 +6152,7 @@ Returns the results for app inventory that was created after the AppInventoryQue + This is a required node. @@ -6085,6 +6166,7 @@ This is a required node. + **Example**: Here's an example of AppInventoryResults operation. @@ -6123,6 +6205,7 @@ Here's an example of AppInventoryResults operation. + This is a required node. Used for managing apps from the Microsoft Store. @@ -6162,6 +6245,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + > [!NOTE] > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. @@ -6177,6 +6261,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + **Example**: Here's an example for uninstalling an app: @@ -6262,6 +6347,7 @@ Architecture of installed package. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -6302,6 +6388,7 @@ Date the app was installed. Value type is string. + This is a required node. @@ -6341,6 +6428,7 @@ Install location of the app on the device. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -6420,6 +6508,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 + > [!NOTE] > Not applicable to XAP files. @@ -6499,6 +6588,7 @@ This node is used to identify whether the package is a stub package. A stub pack + The value is 1 if the package is a stub package and 0 (zero) for all other cases. @@ -6577,6 +6667,7 @@ Provides information about the status of the package. Value type is int. Valid v + > [!NOTE] > Not applicable to XAP files. @@ -6656,6 +6747,7 @@ Specifies whether the package state has changed and requires a reinstallation of + This is a required node. > [!NOTE] @@ -6698,6 +6790,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta + > [!NOTE] > Not applicable to XAP files. @@ -6738,6 +6831,7 @@ Registered users of the app and the package install state. If the query is at th + This is a required node. Possible values: - 0 = Not Installed @@ -6821,6 +6915,7 @@ Interior node for all managed app setting values. + > [!NOTE] > This node is only supported in the user context. @@ -6861,6 +6956,7 @@ The SettingValue and data represent a key value pair to be configured for the ap + This setting only works for apps that support the feature and it's only supported in the user context. @@ -6875,6 +6971,7 @@ This setting only works for apps that support the feature and it's only supporte + **Examples**: - The following example sets the value for the 'Server' @@ -6933,6 +7030,7 @@ Specifies whether you want to block a specific app from being updated via auto-u + This is a required node. @@ -6981,6 +7079,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the + Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins). |Applicability Setting |CSP state |Result | @@ -7036,6 +7135,7 @@ Interior node for the managing updates through the Microsoft Store. These settin + > [!NOTE] > ReleaseManagement settings only apply to updates through the Microsoft Store. @@ -7311,6 +7411,7 @@ Reports the last error code returned by the update scan. + This is a required node. @@ -7349,6 +7450,7 @@ This is a required node. + Used to manage enterprise apps or developer apps that weren't acquired from the Microsoft Store. @@ -7388,6 +7490,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + > [!NOTE] > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. @@ -7403,6 +7506,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + ```xml @@ -7484,6 +7588,7 @@ Architecture of installed package. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -7524,6 +7629,7 @@ Date the app was installed. Value type is string. + This is a required node. @@ -7563,6 +7669,7 @@ Install location of the app on the device. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -7642,6 +7749,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 + > [!NOTE] > Not applicable to XAP files. @@ -7721,6 +7829,7 @@ This node is used to identify whether the package is a stub package. A stub pack + The value is 1 if the package is a stub package and 0 (zero) for all other cases. Value type is int. @@ -7801,6 +7910,7 @@ Provides information about the status of the package. Value type is int. Valid v + > [!NOTE] > Not applicable to XAP files. @@ -7880,6 +7990,7 @@ Specifies whether the package state has changed and requires a reinstallation of + This is a required node. > [!NOTE] @@ -7922,6 +8033,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta + > [!NOTE] > Not applicable to XAP files. @@ -7962,6 +8074,7 @@ Registered users of the app and the package install state. If the query is at th + Requried. - Not Installed = 0 @@ -8045,6 +8158,7 @@ Interior node for all managed app setting values. + This node is only supported in the user context. @@ -8084,6 +8198,7 @@ The SettingValue and data represent a key value pair to be configured for the ap + This setting only works for apps that support the feature and it's only supported in the user context. @@ -8098,6 +8213,7 @@ This setting only works for apps that support the feature and it's only supporte + The following example sets the value for the 'Server' ```xml @@ -8154,6 +8270,7 @@ Specifies whether you want to block a specific app from being updated via auto-u + This is a required node. @@ -8202,6 +8319,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the + Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins). | Applicability Setting | CSP state | Result | @@ -8531,6 +8649,7 @@ Used to remove packages. + Parameters: - Package @@ -8551,6 +8670,7 @@ Parameters: + **Example**: The following example removes a package for all users: @@ -8632,6 +8752,7 @@ Used to restore the Windows app to its initial configuration. + Reports apps installed as part of the operating system. @@ -8671,6 +8792,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + > [!NOTE] > XAP files use a product ID in place of PackageFamilyName. Here's an example of XAP product ID (including the braces), {12345678-9012-3456-7890-123456789012}. @@ -8686,6 +8808,7 @@ Package family name (PFN) of the app. There is one for each PFN on the device wh + **Example**: ```xml @@ -8769,6 +8892,7 @@ Architecture of installed package. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -8809,6 +8933,7 @@ Date the app was installed. Value type is string. + This is a required node. @@ -8848,6 +8973,7 @@ Install location of the app on the device. Value type is string. + > [!NOTE] > Not applicable to XAP files. @@ -8927,6 +9053,7 @@ Whether or not the app is a framework package. Value type is int. The value is 1 + > [!NOTE] > Not applicable to XAP files. @@ -9006,6 +9133,7 @@ This node is used to identify whether the package is a stub package. A stub pack + The value is 1 if the package is a stub package and 0 (zero) for all other cases. @@ -9084,6 +9212,7 @@ Provides information about the status of the package. Value type is int. Valid v + > [!NOTE] > Not applicable to XAP files. @@ -9163,6 +9292,7 @@ Specifies whether the package state has changed and requires a reinstallation of + This is a required node. > [!NOTE] @@ -9205,6 +9335,7 @@ Resource ID of the app. This is null for the main app, ~ for a bundle, and conta + > [!NOTE] > Not applicable to XAP files. @@ -9245,6 +9376,7 @@ Registered users of the app and the package install state. If the query is at th + This is a required node. - 0 = Not Installed @@ -9328,6 +9460,7 @@ Interior node for all managed app setting values. + This node is only supported in the user context. @@ -9367,6 +9500,7 @@ The SettingValue and data represent a key value pair to be configured for the ap + This setting only works for apps that support the feature and it's only supported in the user context. @@ -9381,6 +9515,7 @@ This setting only works for apps that support the feature and it's only supporte + **Examples**: - The following example sets the value for the 'Server' @@ -9439,6 +9574,7 @@ Specifies whether you want to block a specific app from being updated via auto-u + This is a required node. @@ -9487,6 +9623,7 @@ Specify whether on a AMD64 device, across an app update, the architecture of the + Expected Behavior on an AMD64 machine that has x86 flavor of an app installed (Most restrictive wins). | Applicability Setting | CSP state | Result | @@ -9816,6 +9953,7 @@ Used to start the Windows Update scan. + This is a required node. diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md index 79728405bf..e172fe94a5 100644 --- a/windows/client-management/mdm/passportforwork-csp.md +++ b/windows/client-management/mdm/passportforwork-csp.md @@ -4,7 +4,7 @@ description: Learn more about the PassportForWork CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -445,7 +445,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to | Value | Description | |:--|:--| | 0 (Default) | Allows the use of digits in PIN. | -| 1 | Requires the use of at least one digit in PIN. | +| 1 | Requires the use of at least one digits in PIN. | | 2 | Does not allow the use of digits in PIN. | @@ -583,7 +583,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to | Value | Description | |:--|:--| | 0 (Default) | Allows the use of lowercase letters in PIN. | -| 1 | Requires the use of at least one lowercase letter in PIN. | +| 1 | Requires the use of at least one lowercase letters in PIN. | | 2 | Does not allow the use of lowercase letters in PIN. | @@ -706,7 +706,7 @@ Minimum PIN length configures the minimum number of characters required for the -Use this policy setting to configure the use of special character in the Windows Hello for Business PIN gesture. Valid special characters for Windows Hello for Business PIN gestures include: ! " # $ % & ' ( ) * + , - . / : ; `< = >` ? @ [ \ ] ^ _ ` { | } ~ . +Use this policy setting to configure the use of special characters in the Windows Hello for Business PIN gesture. Valid special characters for Windows Hello for Business PIN gestures include: ! " # $ % & ' ( ) * + , - . / : ; `< = >` ? @ [ \ ] ^ _ ` { | } ~ . A value of 1 corresponds to "Required." If you configure this policy setting to 1, Windows Hello for Business requires users to include at least one special character in their PIN. @@ -791,7 +791,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to | Value | Description | |:--|:--| | 0 (Default) | Allows the use of uppercase letters in PIN. | -| 1 | Requires the use of at least one uppercase letter in PIN. | +| 1 | Requires the use of at least one uppercase letters in PIN. | | 2 | Does not allow the use of uppercase letters in PIN. | @@ -2027,7 +2027,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to | Value | Description | |:--|:--| | 0 (Default) | Allows the use of digits in PIN. | -| 1 | Requires the use of at least one digit in PIN. | +| 1 | Requires the use of at least one digits in PIN. | | 2 | Does not allow the use of digits in PIN. | @@ -2165,7 +2165,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to | Value | Description | |:--|:--| | 0 (Default) | Allows the use of lowercase letters in PIN. | -| 1 | Requires the use of at least one lowercase letter in PIN. | +| 1 | Requires the use of at least one lowercase letters in PIN. | | 2 | Does not allow the use of lowercase letters in PIN. | @@ -2317,7 +2317,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to | Value | Description | |:--|:--| | 0 (Default) | Allows the use of special characters in PIN. | -| 1 | Requires the use of at least one special character in PIN. | +| 1 | Requires the use of at least one special characters in PIN. | | 2 | Does not allow the use of special characters in PIN. | @@ -2373,7 +2373,7 @@ A value of 2 corresponds to "Disallow." If you configure this policy setting to | Value | Description | |:--|:--| | 0 (Default) | Allows the use of uppercase letters in PIN. | -| 1 | Requires the use of at least one uppercase letter in PIN. | +| 1 | Requires the use of at least one uppercase letters in PIN. | | 2 | Does not allow the use of uppercase letters in PIN. | diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md index 0b01016c5f..19a5889d94 100644 --- a/windows/client-management/mdm/policy-csp-audit.md +++ b/windows/client-management/mdm/policy-csp-audit.md @@ -4,7 +4,7 @@ description: Learn more about the Audit Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 04/14/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -843,7 +843,7 @@ Volume: Low. -This policy setting allows you to audit events generated by special logons such as the following: The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121697). +This policy setting allows you to audit events generated by special logons such as the following : The use of a special logon, which is a logon that has administrator-equivalent privileges and can be used to elevate a process to a higher level. A logon by a member of a Special Group. Special Groups enable you to audit events generated when a member of a certain group has logged on to your network. You can configure a list of group security identifiers (SIDs) in the registry. If any of those SIDs are added to a token during logon and the subcategory is enabled, an event is logged. For more information about this feature, see [article 947223 in the Microsoft Knowledge Base](https://go.microsoft.com/fwlink/?LinkId=121697). diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md index 1f26de308e..8643e7282a 100644 --- a/windows/client-management/mdm/policy-csp-defender.md +++ b/windows/client-management/mdm/policy-csp-defender.md @@ -4,7 +4,7 @@ description: Learn more about the Defender Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/27/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1885,8 +1885,8 @@ Same as Disabled. - -This policy setting allows you specify a list of file types that should be excluded from scheduled, custom, and real-time scanning. File types should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the file type extension (such as "obj" or "lib"). The value is not used and it is recommended that this be set to 0. + +Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a |. For example, lib|obj. @@ -1939,8 +1939,8 @@ This policy setting allows you specify a list of file types that should be exclu - -This policy setting allows you to disable scheduled and real-time scanning for files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe". The value is not used and it is recommended that this be set to 0. + +Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a |. For example, C:\Example|C:\Example1. @@ -1993,8 +1993,11 @@ This policy setting allows you to disable scheduled and real-time scanning for f - -This policy setting allows you to disable real-time scanning for any file opened by any of the specified processes. This policy does not apply to scheduled scans. The process itself will not be excluded. To exclude the process, use the Path exclusion. Processes should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of the path to the process image. **Note** that only executables can be excluded. For example, a process might be defined as: "c:\windows\app.exe". The value is not used and it is recommended that this be set to 0. + +Allows an administrator to specify a list of files opened by processes to ignore during a scan. + +> [!IMPORTANT] +> The process itself is not excluded from the scan, but can be by using the Defender/ExcludedPaths policy to exclude its path. Each file type must be separated by a |. For example, C:\Example. exe|C:\Example1.exe. diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md index b65b65b1e4..c86a89adff 100644 --- a/windows/client-management/mdm/policy-csp-deviceinstallation.md +++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md @@ -4,7 +4,7 @@ description: Learn more about the DeviceInstallation Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -347,7 +347,7 @@ To verify that the policy is applied, check C:\windows\INF\setupapi.dev.log and | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.256] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.2145] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1714] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1151] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.256] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.2145] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1714] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1151] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md index 92fda2c42a..d8938e641c 100644 --- a/windows/client-management/mdm/policy-csp-internetexplorer.md +++ b/windows/client-management/mdm/policy-csp-internetexplorer.md @@ -4,7 +4,7 @@ description: Learn more about the InternetExplorer Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -1428,7 +1428,7 @@ This policy allows the user to go directly to an intranet site for a one-word en | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | @@ -2080,7 +2080,7 @@ This policy setting allows you to manage whether Internet Explorer checks for di | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | @@ -3403,7 +3403,7 @@ The Home page specified on the General tab of the Internet Options dialog box is | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.1060] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.3460] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2060] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1030] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.1060] and later
:heavy_check_mark: Windows 10, version 1809 [10.0.17763.3460] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.2060] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.1030] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | @@ -3599,7 +3599,7 @@ InPrivate Browsing prevents Internet Explorer from storing data about a user's b | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | @@ -4486,7 +4486,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.143] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1474] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.906] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.143] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1474] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.906] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | @@ -4552,7 +4552,7 @@ For more information, see | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.558] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1566] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.527] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.558] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1566] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.527] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | @@ -7968,7 +7968,7 @@ This policy setting specifies whether JScript or JScript9Legacy is loaded for MS | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | @@ -13390,7 +13390,7 @@ For more information, see "Outdated ActiveX Controls" in the Internet Explorer T | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.261] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1832] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1266] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.282] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.261] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1832] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1266] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000.282] and later
:heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later | @@ -16537,7 +16537,7 @@ Also, see the "Security zones: Do not allow users to change policies" policy. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348] and later
:heavy_check_mark: Windows 10, version 1903 [10.0.18362.1350] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.789] and later | diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md index 870386a6e5..16587b8ce0 100644 --- a/windows/client-management/mdm/policy-csp-kerberos.md +++ b/windows/client-management/mdm/policy-csp-kerberos.md @@ -4,7 +4,7 @@ description: Learn more about the Kerberos Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -242,7 +242,6 @@ This policy setting controls hash or checksum algorithms used by the Kerberos cl - "Not Supported" disables usage of the algorithm. This state is intended for algorithms that are deemed to be insecure. - If you disable or do not configure this policy, each algorithm will assume the "Default" state. -More information about the hash and checksum algorithms supported by the Windows Kerberos client and their default states can be found at< https://go.microsoft.com/fwlink/?linkid=2169037>. Events generated by this configuration: 205, 206, 207, 208. diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 6f83800c56..ad926281b0 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -4,7 +4,7 @@ description: Learn more about the MixedReality Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -86,7 +86,7 @@ Steps to use this policy correctly: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | @@ -136,7 +136,7 @@ This opt-in policy can help with the setup of new devices in new areas or new us | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | @@ -188,7 +188,7 @@ For more information on the Launcher API, see [Launcher Class (Windows.System) - | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | @@ -335,7 +335,7 @@ This policy setting controls if pressing the brightness button changes the brigh | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | @@ -386,7 +386,7 @@ For more information, see [Moving platform mode on low dynamic motion moving pla | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | @@ -491,7 +491,7 @@ The following XML string is an example of the value for this policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | @@ -687,7 +687,7 @@ This policy configures behavior of HUP to determine, which algorithm to use for | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | @@ -786,7 +786,7 @@ This policy setting controls whether microphone on HoloLens 2 is disabled or not | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | @@ -856,7 +856,7 @@ The following example XML string shows the value to enable this policy: | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | @@ -907,7 +907,7 @@ This policy configures whether the device will take the user through the eye tra | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | @@ -957,7 +957,7 @@ It skips the training experience of interactions with the hummingbird and Start | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Unknown [10.0.20348] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: [10.0.20348] and later | diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md index f4fa8a6e6a..507250a860 100644 --- a/windows/client-management/mdm/policy-csp-privacy.md +++ b/windows/client-management/mdm/policy-csp-privacy.md @@ -4,7 +4,7 @@ description: Learn more about the Privacy Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2930,7 +2930,7 @@ If an app is open when this Group Policy object is applied on a device, employee | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.25000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later | @@ -2990,7 +2990,7 @@ This policy setting specifies whether Windows apps can access the human presence | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.25000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later | @@ -3040,7 +3040,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.25000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later | @@ -3090,7 +3090,7 @@ List of semi-colon delimited Package Family Names of Microsoft Store Apps. Liste | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.25000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.25000] and later | diff --git a/windows/client-management/mdm/policy-csp-tenantrestrictions.md b/windows/client-management/mdm/policy-csp-tenantrestrictions.md index babefd000e..96f488a077 100644 --- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md +++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md @@ -4,7 +4,7 @@ description: Learn more about the TenantRestrictions Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 01/09/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -31,7 +31,7 @@ ms.topic: reference | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20348.320] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1320] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1320] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1320] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | +| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20348.320] and later
:heavy_check_mark: Windows 10, version 2004 [10.0.19041.1320] and later
:heavy_check_mark: Windows 10, version 2009 [10.0.19042.1320] and later
:heavy_check_mark: Windows 10, version 21H1 [10.0.19043.1320] and later
:heavy_check_mark: Windows 10, version 21H2 [10.0.19044] and later
:heavy_check_mark: Windows 11, version 21H2 [10.0.22000] and later | diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md index 8bf785ab2e..a5d3afb700 100644 --- a/windows/client-management/mdm/policy-csp-update.md +++ b/windows/client-management/mdm/policy-csp-update.md @@ -4,7 +4,7 @@ description: Learn more about the Update Area in Policy CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -826,12 +826,8 @@ Pause Updates | To prevent Feature Updates from being offered to the device, you - -Enable this policy to specify when to receive Feature Updates. - -Defer Updates | This enables devices to defer taking the next Feature Update available for their current product (or a new product if specified in the Select the target Feature Update version policy). You can defer a Feature Update for up to 14 days for all pre-release channels and up to 365 days for the General Availability Channel. To learn more about the current releases, please see aka.ms/WindowsTargetVersioninfo - -Pause Updates | To prevent Feature Updates from being offered to the device, you can temporarily pause Feature Updates. This pause will remain in effect for 35 days from the specified start date or until the field is cleared. Note, Quality Updates will still be offered even if Feature Updates are paused. + +Specifies the date and time when the IT admin wants to start pausing the Feature Updates. Value type is string (yyyy-mm-dd, ex. 2018-10-28). @@ -955,16 +951,8 @@ If you disable or do not configure this policy, Windows Update will not alter it - -Enable this policy to specify when to receive quality updates. - -You can defer receiving quality updates for up to 30 days. - -To prevent quality updates from being received on their scheduled time, you can temporarily pause quality updates. The pause will remain in effect for 35 days or until you clear the start date field. - -To resume receiving Quality Updates which are paused, clear the start date field. - -If you disable or do not configure this policy, Windows Update will not alter its behavior. + +Specifies the date and time when the IT admin wants to start pausing the Quality Updates. Value type is string (yyyy-mm-dd, ex. 2018-10-28). @@ -2143,9 +2131,9 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie | Value | Description | |:--|:--| -| 0 | Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option, users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. | -| 1 | Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shut down properly on restart. | -| 2 (Default) | Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shut down properly on restart. | +| 0 | Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel. | +| 1 | Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart. | +| 2 (Default) | Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart. | | 3 | Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart. | | 4 | Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only. | | 5 | Turn off automatic updates. | @@ -3551,7 +3539,7 @@ If the status is set to Not Configured, use of Automatic Updates is not specifie -This setting allows removal access to "Pause updates" feature. +This setting allows to remove access to "Pause updates" feature. Once enabled user access to pause updates is removed. @@ -4311,7 +4299,7 @@ Enable this policy to control the timing before transitioning from Auto restarts You can specify the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. -You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed, within the specified period. +You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. @@ -4381,7 +4369,7 @@ Enable this policy to control the timing before transitioning from Auto restarts You can specify the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. -You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed, within the specified period. +You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. @@ -4451,7 +4439,7 @@ Enable this policy to control the timing before transitioning from Auto restarts You can specify the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. -You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed, within the specified period. +You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. @@ -4521,7 +4509,7 @@ Enable this policy to control the timing before transitioning from Auto restarts You can specify the number of days a user can snooze Engaged restart reminder notifications. The snooze period can be set between 1 and 3 days. -You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed, within the specified period. +You can specify the deadline in days before automatically scheduling and executing a pending restart regardless of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to automatically executed, within the specified period. If you do not specify a deadline or if the deadline is set to 0, the PC won't automatically restart and will require the person to schedule it prior to restart. diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 7594de5981..ddfda20a6b 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -4,7 +4,7 @@ description: Learn more about the SUPL CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 03/23/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -17,6 +17,7 @@ ms.topic: reference # SUPL CSP + The SUPL configuration service provider is used to configure the location client, as shown in the following table: - **Location Service**: Connection type @@ -395,6 +396,7 @@ This setting is deprecated in Windows 10. Optional. Boolean. Specifies whether t + | Location toggle setting | LocMasterSwitchDependencyNII setting | NI request processing allowed | |-------------------------|--------------------------------------|------------------------------------| | On | 0 | Yes | diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index ce9204701c..84b7a6c4ec 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -4,7 +4,7 @@ description: Learn more about the VPNv2 CSP. author: vinaypamnani-msft manager: aaroncz ms.author: vinpa -ms.date: 02/28/2023 +ms.date: 04/26/2023 ms.localizationpriority: medium ms.prod: windows-client ms.technology: itpro-manage @@ -2838,7 +2838,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | @@ -2876,7 +2876,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | @@ -2915,7 +2915,7 @@ List of inbox VPN protocols in priority order. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | @@ -2953,7 +2953,7 @@ List of inbox VPN protocols in priority order. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | @@ -3003,7 +3003,7 @@ Inbox VPN protocols type. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | @@ -7063,7 +7063,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | @@ -7101,7 +7101,7 @@ True: Plumb traffic selectors as routes onto VPN interface, False: Do not plumb | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | @@ -7140,7 +7140,7 @@ List of inbox VPN protocols in priority order. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | @@ -7178,7 +7178,7 @@ List of inbox VPN protocols in priority order. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | @@ -7228,7 +7228,7 @@ Inbox VPN protocols type. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.20207] and later | +| :heavy_check_mark: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.20207] and later | @@ -7893,7 +7893,7 @@ Boolean value (true or false) for caching credentials. | Scope | Editions | Applicable OS | |:--|:--|:--| -| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Unknown [10.0.19628] and later | +| :x: Device
:heavy_check_mark: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: [10.0.19628] and later |