diff --git a/.openpublishing.redirection.windows-configuration.json b/.openpublishing.redirection.windows-configuration.json
index ada2c59132..4b4b40b0a6 100644
--- a/.openpublishing.redirection.windows-configuration.json
+++ b/.openpublishing.redirection.windows-configuration.json
@@ -281,114 +281,299 @@
 "redirect_document_id": false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-feedback.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-feedback",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-feedback.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-feedback",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-o365.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-o365",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-o365.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-o365",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-overview.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-overview",
- "redirect_document_id":false
- },
- {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-policy-settings",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-overview.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-overview",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-1",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-policy-settings",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-2",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-1",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-3",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-2",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-4",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-3",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-5",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-4",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-6",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-5",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-7",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-6",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-testing-scenarios",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-scenario-7",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-voice-commands",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-testing-scenarios",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/cortana-at-work-voice-commands",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/test-scenario-1.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-1",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/test-scenario-2.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-2",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/test-scenario-1.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-1",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/test-scenario-3.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-3",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/test-scenario-2.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-2",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/test-scenario-4.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-4",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/test-scenario-3.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-3",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/test-scenario-5.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-5",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/test-scenario-4.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-4",
+ "redirect_document_id":false
 },
 {
- "source_path":"windows/configuration/cortana-at-work/test-scenario-6.md",
- "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-6",
- "redirect_document_id":false
+ "source_path":"windows/configuration/cortana-at-work/test-scenario-5.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-5",
+ "redirect_document_id":false
+ },
+ {
+ "source_path":"windows/configuration/cortana-at-work/test-scenario-6.md",
+ "redirect_url":"/previous-versions/windows/it-pro/windows-10/configuration/cortana-at-work/test-scenario-6",
+ "redirect_document_id":false
 },
 {
 "source_path": "windows/configuration/windows-diagnostic-data.md",
 "redirect_url": "/windows/privacy/windows-diagnostic-data",
 "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/changes-to-start-policies-in-windows-10.md",
+ "redirect_url": "/windows/configuration/start/customize-windows-10-start-screens-by-using-group-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/configure-windows-10-taskbar.md",
+ "redirect_url": "/windows/configuration/taskbar/configure-windows-10-taskbar",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/customize-and-export-start-layout.md",
+ "redirect_url": "/windows/configuration/start/customize-and-export-start-layout",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/customize-start-menu-layout-windows-11.md",
+ "redirect_url": "/windows/configuration/start/customize-start-menu-layout-windows-11",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/customize-taskbar-windows-11.md",
+ "redirect_url": "/windows/configuration/taskbar/customize-taskbar-windows-11",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md",
+ "redirect_url": "/windows/configuration/start/customize-windows-10-start-screens-by-using-group-policy",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md",
+ "redirect_url": "/windows/configuration/start/customize-windows-10-start-screens-by-using-mobile-device-management",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md",
+ "redirect_url": "/windows/configuration/start/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/find-the-application-user-model-id-of-an-installed-app.md",
+ "redirect_url": "/windows/configuration/kiosk/find-the-application-user-model-id-of-an-installed-app",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/guidelines-for-assigned-access-app.md",
+ "redirect_url": "/windows/configuration/kiosk/guidelines-for-assigned-access-app",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/kiosk-additional-reference.md",
+ "redirect_url": "/windows/configuration/kiosk/kiosk-additional-reference",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/kiosk-mdm-bridge.md",
+ "redirect_url": "/windows/configuration/kiosk/kiosk-mdm-bridge",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/kiosk-methods.md",
+ "redirect_url": "/windows/configuration/kiosk/kiosk-methods",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/kiosk-policies.md",
+ "redirect_url": "/windows/configuration/kiosk/kiosk-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/kiosk-prepare.md",
+ "redirect_url": "/windows/configuration/kiosk/kiosk-prepare",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/kiosk-shelllauncher.md",
+ "redirect_url": "/windows/configuration/kiosk/kiosk-shelllauncher",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/kiosk-single-app.md",
+ "redirect_url": "/windows/configuration/kiosk/kiosk-single-app",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/kiosk-validate.md",
+ "redirect_url": "/windows/configuration/kiosk/kiosk-validate",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/kiosk-xml.md",
+ "redirect_url": "/windows/configuration/kiosk/kiosk-xml",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/lockdown-features-windows-10.md",
+ "redirect_url": "/windows/configuration/kiosk/lockdown-features-windows-10",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/lock-down-windows-10-applocker.md",
+ "redirect_url": "/windows/configuration/kiosk/lock-down-windows-10-applocker",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/lock-down-windows-10-to-specific-apps.md",
+ "redirect_url": "/windows/configuration/kiosk/lock-down-windows-10-to-specific-apps",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/lock-down-windows-11-to-specific-apps.md",
+ "redirect_url": "/windows/configuration/kiosk/lock-down-windows-11-to-specific-apps",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/manage-tips-and-suggestions.md",
+ "redirect_url": "/windows/configuration/tips/manage-tips-and-suggestions",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/provisioning-apn.md",
+ "redirect_url": "/windows/configuration/cellular/provisioning-apn",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/setup-digital-signage.md",
+ "redirect_url": "/windows/configuration/kiosk/setup-digital-signage",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/set-up-shared-or-guest-pc.md",
+ "redirect_url": "/windows/configuration/shared-pc/set-up-shared-or-guest-pc",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/shared-devices-concepts.md",
+ "redirect_url": "/windows/configuration/shared-pc/shared-devices-concepts",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/shared-pc-technical.md",
+ "redirect_url": "/windows/configuration/shared-pc/shared-pc-technical",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/start-layout-xml-desktop.md",
+ "redirect_url": "/windows/configuration/start/start-layout-xml-desktop",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/start-secondary-tiles.md",
+ "redirect_url": "/windows/configuration/start/start-secondary-tiles",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/stop-employees-from-using-microsoft-store.md",
+ "redirect_url": "/windows/configuration/store/stop-employees-from-using-microsoft-store",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/supported-csp-start-menu-layout-windows.md",
+ "redirect_url": "/windows/configuration/start/supported-csp-start-menu-layout-windows",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/supported-csp-taskbar-windows.md",
+ "redirect_url": "/windows/configuration/taskbar/supported-csp-taskbar-windows",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/windows-10-start-layout-options-and-policies.md",
+ "redirect_url": "/windows/configuration/start/windows-10-start-layout-options-and-policies",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/windows-accessibility-for-ITPros.md",
+ "redirect_url": "/windows/configuration/accessibility",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/configuration/windows-spotlight.md",
+ "redirect_url": "/windows/configuration/lock-screen/windows-spotlight",
+ "redirect_document_id": false
 }
 ]
 }
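Review bot: The 21 `cortana-at-work` entries at the top of this hunk are removed and re-added with text that is identical as shown here, so that part of the change is presumably whitespace-only; moving the normalisation into its own commit would leave the 37 new redirects easy to audit. The re-added entries keep `"source_path":"..."` with no space after the colon while the new entries use `"source_path": "..."`, so the file still mixes two styles. Two sources, `changes-to-start-policies-in-windows-10.md` and `customize-windows-10-start-screens-by-using-group-policy.md`, map to the same `/windows/configuration/start/customize-windows-10-start-screens-by-using-group-policy` target, which is worth confirming as intentional. Every added `redirect_url` is a site-relative path, so none of the new entries sends readers off-site.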
diff --git a/browsers/edge/images/config-open-me-with-scenarios-tab.PNG b/browsers/edge/images/config-open-me-with-scenarios-tab.png
similarity index 100%
rename from browsers/edge/images/config-open-me-with-scenarios-tab.PNG
rename to browsers/edge/images/config-open-me-with-scenarios-tab.png
diff --git a/education/docfx.json b/education/docfx.json
index 60af34def4..f066cfa6c2 100644
--- a/education/docfx.json
+++ b/education/docfx.json
@@ -34,8 +34,8 @@
 "education",
 "tier2"
 ],
- "ms.prod": "windows-client",
- "ms.technology": "itpro-edu",
+ "ms.subservice": "itpro-edu",
+ "ms.service": "windows-client",
 "author": "paolomatarazzo",
 "ms.author": "paoloma",
 "manager": "aaroncz",
@@ -51,10 +51,10 @@
 }
 },
 "titleSuffix": "Windows Education",
- "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
+ "contributors_to_exclude": [
+ "rjagiewich",
+ "traya1",
+ "rmca14",
 "claydetels19",
 "Kellylorenebaker",
 "jborsecnik",
diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md
index 8f3304ae76..75606b7b94 100644
--- a/education/windows/configure-aad-google-trust.md
+++ b/education/windows/configure-aad-google-trust.md
@@ -26,7 +26,7 @@ To test federation, the following prerequisites must be met:
 1. A Google Workspace environment, with users already created
 > [!IMPORTANT]
 > Users require an email address defined in Google Workspace, which is used to match the users in Microsoft Entra ID.
- > For more information about identity matching, see [Identity matching in Microsoft Entra ID](federated-sign-in.md#identity-matching-in-azure-ad).
+ > For more information about identity matching, see [Identity matching in Microsoft Entra ID](federated-sign-in.md#identity-matching-in-microsoft-entra-id).
 1. Individual Microsoft Entra accounts already created: each Google Workspace user will require a matching account defined in Microsoft Entra ID. These accounts are commonly created through automated solutions, for example:
 - School Data Sync (SDS)
 - Microsoft Entra Connect Sync for environment with on-premises AD DS
diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md
index a1273e7bd7..3d414e043d 100644
--- a/education/windows/federated-sign-in.md
+++ b/education/windows/federated-sign-in.md
@@ -46,7 +46,7 @@ To enable a federated sign-in experience, the following prerequisites must be me - PowerShell scripts that call the [Microsoft Graph API][GRAPH-1] - provisioning tools offered by the IdP - For more information about identity matching, see [Identity matching in Microsoft Entra ID](#identity-matching-in-azure-ad). + For more information about identity matching, see [Identity matching in Microsoft Entra ID](#identity-matching-in-microsoft-entra-id). 1. Licenses assigned to the Microsoft Entra user accounts. It's recommended to assign licenses to a dynamic group: when new users are provisioned in Microsoft Entra ID, the licenses are automatically assigned. For more information, see [Assign licenses to users by group membership in Microsoft Entra ID][AZ-2] 1. Enable Federated sign-in or Web sign-in on the Windows devices, depending if the devices are shared or assigned to a single student @@ -201,8 +201,6 @@ The following issues are known to affect student shared devices: For student shared devices, it's recommended to configure the account management policies to automatically delete the user profiles after a certain period of inactivity or disk levels. For more information, see [Set up a shared or guest Windows device][WIN-3]. - - ### Preferred Microsoft Entra tenant name To improve the user experience, you can configure the *preferred Microsoft Entra tenant name* feature.\ @@ -210,8 +208,6 @@ When using preferred Microsoft Entra tenant name, the users bypass the disambigu For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-4]. - - ### Identity matching in Microsoft Entra ID When a Microsoft Entra user is federated, the user's identity from the IdP must match an existing user object in Microsoft Entra ID. 
diff --git a/education/windows/images/setedupolicies_omauri.PNG b/education/windows/images/setedupolicies_omauri.png
similarity index 100%
rename from education/windows/images/setedupolicies_omauri.PNG
rename to education/windows/images/setedupolicies_omauri.png
diff --git a/education/windows/images/suspcs/suspc_getstarted_050817.PNG b/education/windows/images/suspcs/suspc_getstarted_050817.png
similarity index 100%
rename from education/windows/images/suspcs/suspc_getstarted_050817.PNG
rename to education/windows/images/suspcs/suspc_getstarted_050817.png
diff --git a/education/windows/images/suspcs/suspc_runpackage_getpcsready.PNG b/education/windows/images/suspcs/suspc_runpackage_getpcsready.png
similarity index 100%
rename from education/windows/images/suspcs/suspc_runpackage_getpcsready.PNG
rename to education/windows/images/suspcs/suspc_runpackage_getpcsready.png
diff --git a/education/windows/images/wcd/setedupolicies.PNG b/education/windows/images/wcd/setedupolicies.png
similarity index 100%
rename from education/windows/images/wcd/setedupolicies.PNG
rename to education/windows/images/wcd/setedupolicies.png
diff --git a/education/windows/images/wcd/wcd_settings_assignedaccess.PNG b/education/windows/images/wcd/wcd_settings_assignedaccess.png
similarity index 100%
rename from education/windows/images/wcd/wcd_settings_assignedaccess.PNG
rename to education/windows/images/wcd/wcd_settings_assignedaccess.png
diff --git a/education/windows/index.yml b/education/windows/index.yml
index 2959b14bbb..d14d00dd63 100644
--- a/education/windows/index.yml
+++ b/education/windows/index.yml
@@ -6,8 +6,6 @@ brand: windows metadata: ms.topic: hub-page - ms.prod: windows-client - ms.technology: itpro-edu ms.collection: - education - tier1
diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md
index 0396303749..6086d0f017 100644
--- a/education/windows/set-up-school-pcs-provisioning-package.md
+++ b/education/windows/set-up-school-pcs-provisioning-package.md @@ -5,7 +5,7 @@ ms.date: 06/02/2023 ms.topic: reference appliesto: - ✅ Windows 10 ---- +--- # What's in my provisioning package? @@ -48,7 +48,7 @@ For a more detailed look at the policies, see the Windows article [Set up shared This section lists only the MDM and local group policies that are configured uniquely for the Set up School PCs app. -For a more detailed look of each policy listed, see [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) in the Windows IT Pro Center documentation. +For a more detailed look of each policy listed, see [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) in the Windows IT Pro Center documentation. | Policy name | Default value | Description | |--|--|--| @@ -81,10 +81,10 @@ For a more detailed look of each policy listed, see [Policy CSP](/windows/client ## Apps uninstalled from Windows devices -Set up School PCs app uses the Universal app uninstall policy. The policy identifies default apps that aren't relevant to the classroom experience, and uninstalls them from each device. The apps uninstalled from Windows devices are: +Set up School PCs app uses the Universal app uninstall policy. The policy identifies default apps that aren't relevant to the classroom experience, and uninstalls them from each device. The apps uninstalled from Windows devices are: - Mixed Reality Viewer -- Weather +- Weather - Desktop App Installer - Tips - Messaging 
@@ -106,11 +106,11 @@ Set up School PCs uses the Universal app install policy to install school-releva ## Provisioning time estimates -The time it takes to install a package on a device depends on the: +The time it takes to install a package on a device depends on the: - Strength of network connection - Number of policies and apps within the package -- Other configurations made to the device +- Other configurations made to the device Review the table below to estimate your expected provisioning time. A package that only applies Set Up School PC's default configurations will provision the fastest. A package that removes preinstalled apps, through CleanPC, will take much longer to provision. diff --git a/education/windows/toc.yml b/education/windows/toc.yml index ef02b15f30..667c2ddc07 100644 --- a/education/windows/toc.yml +++ b/education/windows/toc.yml @@ -9,7 +9,7 @@ items: - name: Deploy applications to Windows 11 SE href: tutorial-deploy-apps-winse/toc.yml - name: Concepts - items: + items: - name: Windows 11 SE items: - name: Overview @@ -47,7 +47,7 @@ items: - name: Configure federation between Google Workspace and Microsoft Entra ID href: configure-aad-google-trust.md - name: Configure Shared PC - href: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context + href: /windows/configuration/shared-pc/set-up-shared-or-guest-pc?context=/education/context/context - name: Get and deploy Minecraft Education href: get-minecraft-for-education.md - name: Use the Set up School PCs app @@ -65,6 +65,6 @@ items: - name: Take a Test technical reference href: take-a-test-app-technical.md - name: Shared PC technical reference - href: /windows/configuration/shared-pc-technical?context=/education/context/context + href: /windows/configuration/shared-pc/shared-pc-technical?context=/education/context/context + - 
diff --git a/store-for-business/images/msfb-add-collection.PNG b/store-for-business/images/msfb-add-collection.png
similarity index 100%
rename from store-for-business/images/msfb-add-collection.PNG
rename to store-for-business/images/msfb-add-collection.png
diff --git a/store-for-business/images/wsfb-private-store-gpo.PNG b/store-for-business/images/wsfb-private-store-gpo.png
similarity index 100%
rename from store-for-business/images/wsfb-private-store-gpo.PNG
rename to store-for-business/images/wsfb-private-store-gpo.png
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index 4c003123f7..f5e0e84d26 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -54,7 +54,7 @@ The following XML file contains the device description framework (DDF) for the A This node can accept and return json string which comprises of account name, and AUMID for Kiosk mode app. -Example: {"User":"domain\\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}. +Example: {"User":"domain\\user", "AUMID":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"}. When configuring kiosk mode app, account name will be used to find the target user. Account name includes domain name and user name. Domain name can be optional if user name is unique across the system. For a local account, domain name should be machine name. When "Get" is executed on this node, domain name is always returned in the output.
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index ea131ee762..5f89c0bace 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -142,7 +142,7 @@ The following XML file contains the device description framework (DDF) for the B If you disable or do not configure this policy setting, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by any setup script.” The format is string. Sample value for this node to enable this policy and set the encryption methods is: - + EncryptionMethodWithXtsOsDropDown_Name = Select the encryption method for operating system drives. EncryptionMethodWithXtsFdvDropDown_Name = Select the encryption method for fixed data drives. @@ -194,7 +194,7 @@ The following XML file contains the device description framework (DDF) for the B Note: If you want to require the use of a startup PIN and a USB flash drive, you must configure BitLocker settings using the command-line tool manage-bde instead of the BitLocker Drive Encryption setup wizard. The format is string. Sample value for this node to enable this policy is: - + ConfigureNonTPMStartupKeyUsage_Name = Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive) All of the below settings are for computers with a TPM. @@ -250,7 +250,7 @@ The following XML file contains the device description framework (DDF) for the B NOTE: If minimum PIN length is set below 6 digits, Windows will attempt to update the TPM 2.0 lockout period to be greater than the default when a PIN is changed. If successful, Windows will only reset the TPM lockout period back to default if the TPM is reset. The format is string. Sample value for this node to enable this policy is: - + Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML: 
@@ -291,7 +291,7 @@ The following XML file contains the device description framework (DDF) for the B Note: Not all characters and languages are supported in pre-boot. It is strongly recommended that you test that the characters you use for the custom message or URL appear correctly on the pre-boot recovery screen. The format is string. Sample value for this node to enable this policy is: - + The possible values for 'xx' are: 0 = Empty @@ -344,7 +344,7 @@ The following XML file contains the device description framework (DDF) for the B If this policy setting is disabled or not configured, the default recovery options are supported for BitLocker recovery. By default a DRA is allowed, the recovery options can be specified by the user including the recovery password and recovery key, and recovery information is not backed up to AD DS. The format is string. Sample value for this node to enable this policy is: - + The possible values for 'xx' are: true = Explicitly allow @@ -402,7 +402,7 @@ The following XML file contains the device description framework (DDF) for the B If you enable this policy setting, you can control the methods available to users to recover data from BitLocker-protected fixed data drives. The format is string. Sample value for this node to enable this policy is: - + The possible values for 'xx' are: true = Explicitly allow @@ -454,7 +454,7 @@ The following XML file contains the device description framework (DDF) for the B If you disable or do not configure this policy setting, all fixed data drives on the computer will be mounted with read and write access. The format is string. Sample value for this node to enable this policy is: - + Disabling the policy will let the system choose the default behaviors. If you want to disable this policy use the following SyncML: 
@@ -495,7 +495,7 @@ The following XML file contains the device description framework (DDF) for the B Note: This policy setting can be overridden by the group policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" group policy setting is enabled this policy setting will be ignored. The format is string. Sample value for this node to enable this policy is: - + The possible values for 'xx' are: true = Explicitly allow @@ -575,7 +575,7 @@ The following XML file contains the device description framework (DDF) for the B require reinstallation of Windows. Note: This policy takes effect only if "RequireDeviceEncryption" policy is set to 1. The format is integer. - The expected values for this policy are: + The expected values for this policy are: 1 = This is the default, when the policy is not set. Warning prompt and encryption notification is allowed. 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update, @@ -623,7 +623,7 @@ The following XML file contains the device description framework (DDF) for the B If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system. - The expected values for this policy are: + The expected values for this policy are: 1 = "RequireDeviceEncryption" policy will try to enable encryption on all fixed drives even if a current logged in user is standard user. 0 = This is the default, when the policy is not set. If current logged on user is a standard user, "RequireDeviceEncryption" policy 
@@ -741,7 +741,7 @@ The policy only comes into effect when Active Directory backup for a recovery pa * status\RotateRecoveryPasswordsStatus * status\RotateRecoveryPasswordsRequestID - + Supported Values: String form of request ID. Example format of request ID is GUID. Server can choose the format as needed according to the management tools.\ diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md index 8c1832dac1..92e080ba93 100644 --- a/windows/client-management/mdm/passportforwork-ddf.md +++ b/windows/client-management/mdm/passportforwork-ddf.md @@ -934,7 +934,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret False - Windows Hello for Business can use certificates to authenticate to on-premise resources. + Windows Hello for Business can use certificates to authenticate to on-premise resources. If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN. diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md index 11a98be2e2..cd2bf997f6 100644 --- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md +++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md 
@@ -37,7 +37,7 @@ If set to 1 then any MDM policy that's set that has an equivalent GP policy will > [!NOTE] -> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs such as the [Defender CSP](defender-csp.md). Nor does it apply to the [Update Policy CSP](policy-csp-update.md) for managing Windows updates. +> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs such as the [Defender CSP](defender-csp.md). Nor does it apply to the [Update Policy CSP](policy-csp-update.md) for managing Windows updates. This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1. diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md index f0c354b20c..016c5d5a51 100644 --- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md +++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md @@ -267,7 +267,7 @@ Resource URI for which access is being requested by the Mopria discovery client This policy must target ./User, otherwise it fails. -The default value is an empty string. Otherwise, the value should contain a URL. +The default value is an empty string. Otherwise, the value should contain a URL. **Example**: diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md index 0c07ef2d66..9d17406fe6 100644 
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -34,11 +34,11 @@ ms.date: 01/18/2024
 This policy setting controls whether a device will automatically sign in and lock the last interactive user after the system restarts or after a shutdown and cold boot.
-This only occurs if the last interactive user didn't sign out before the restart or shutdown.
+This only occurs if the last interactive user didn't sign out before the restart or shutdown.
 If the device is joined to Active Directory or Microsoft Entra ID, this policy only applies to Windows Update restarts. Otherwise, this will apply to both Windows Update restarts and user-initiated restarts and shutdowns.
-- If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
+- If you don't configure this policy setting, it's enabled by default. When the policy is enabled, the user is automatically signed in and the session is automatically locked with all lock screen apps configured for that user after the device boots.
 After enabling this policy, you can configure its settings through the ConfigAutomaticRestartSignOn policy, which configures the mode of automatically signing in and locking the last interactive user after a restart or cold boot .
diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml
deleted file mode 100644
index 97c1386a73..0000000000
--- a/windows/configuration/TOC.yml
+++ /dev/null
@@ -1,367 +0,0 @@ -- name: Configure Windows client - href: index.yml -- name: Customize the appearance - items: - - name: Windows 11 - items: - - name: Start menu - items: - - name: Customize Start menu layout - href: customize-start-menu-layout-windows-11.md - - name: Supported Start menu CSPs - href: supported-csp-start-menu-layout-windows.md - - name: Taskbar - items: - - name: Customize Taskbar - href: customize-taskbar-windows-11.md - - name: Supported Taskbar CSPs - href: supported-csp-taskbar-windows.md - - name: Windows 10 Start and taskbar - items: - - name: Start layout and taskbar - href: windows-10-start-layout-options-and-policies.md - - name: Use XML - items: - - name: Customize and export Start layout - href: customize-and-export-start-layout.md - - name: Customize the taskbar - href: configure-windows-10-taskbar.md - - name: Add image for secondary Microsoft Edge tiles - href: start-secondary-tiles.md - - name: Start layout XML for Windows 10 desktop editions (reference) - href: start-layout-xml-desktop.md - - name: Use group policy - href: customize-windows-10-start-screens-by-using-group-policy.md - - name: Use provisioning packages - href: customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md - - name: Use mobile device management (MDM) - href: customize-windows-10-start-screens-by-using-mobile-device-management.md - - name: Troubleshoot Start menu errors - href: /troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors - - name: Changes to Start policies in Windows 10 - href: changes-to-start-policies-in-windows-10.md - - name: Accessibility settings - items: - - name: Accessibility information for IT Pros - href: windows-accessibility-for-ITPros.md - - name: Configure access to Microsoft Store - href: stop-employees-from-using-microsoft-store.md - - name: Configure Windows Spotlight on the lock screen - href: windows-spotlight.md - - name: Manage Windows 10 and Microsoft Store tips, "fun facts", and 
suggestions - href: manage-tips-and-suggestions.md - - name: Configure cellular settings for tablets and PCs - href: provisioning-apn.md - - name: Lockdown features from Windows Embedded 8.1 Industry - href: lockdown-features-windows-10.md - - -- name: Configure kiosks and digital signs - items: - - name: Configure kiosks and digital signs on Windows desktop editions - href: kiosk-methods.md - - name: Prepare a device for kiosk configuration - href: kiosk-prepare.md - - name: Set up digital signs - href: setup-digital-signage.md - - name: Set up a single-app kiosk - href: kiosk-single-app.md - - name: Set up a multi-app kiosk for Windows 10 - href: lock-down-windows-10-to-specific-apps.md - - name: Set up a multi-app kiosk for Windows 11 - href: lock-down-windows-11-to-specific-apps.md - - name: Kiosk reference information - items: - - name: More kiosk methods and reference information - href: kiosk-additional-reference.md - - name: Find the Application User Model ID of an installed app - href: find-the-application-user-model-id-of-an-installed-app.md - - name: Validate your kiosk configuration - href: kiosk-validate.md - - name: Guidelines for choosing an app for assigned access (kiosk mode) - href: guidelines-for-assigned-access-app.md - - name: Policies enforced on kiosk devices - href: kiosk-policies.md - - name: Assigned access XML reference - href: kiosk-xml.md - - name: Use AppLocker to create a Windows 10 kiosk - href: lock-down-windows-10-applocker.md - - name: Use Shell Launcher to create a Windows client kiosk - href: kiosk-shelllauncher.md - - name: Use MDM Bridge WMI Provider to create a Windows client kiosk - href: kiosk-mdm-bridge.md - - name: Troubleshoot kiosk mode issues - href: /troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting - -- name: Configure multi-user and guest devices - items: - - name: Shared devices concepts - href: shared-devices-concepts.md - - name: Configure shared devices with Shared PC - href: 
set-up-shared-or-guest-pc.md - - name: Shared PC technical reference - href: shared-pc-technical.md - -- name: Use provisioning packages - items: - - name: Provisioning packages for Windows client - href: provisioning-packages/provisioning-packages.md - - name: How provisioning works in Windows client - href: provisioning-packages/provisioning-how-it-works.md - - name: Introduction to configuration service providers (CSPs) - href: provisioning-packages/how-it-pros-can-use-configuration-service-providers.md - - name: Install Windows Configuration Designer - href: provisioning-packages/provisioning-install-icd.md - - name: Create a provisioning package - href: provisioning-packages/provisioning-create-package.md - - name: Apply a provisioning package - href: provisioning-packages/provisioning-apply-package.md - - name: Settings changed when you uninstall a provisioning package - href: provisioning-packages/provisioning-uninstall-package.md - - name: Provision PCs with common settings for initial deployment (desktop wizard) - href: provisioning-packages/provision-pcs-for-initial-deployment.md - - name: Provision PCs with apps - href: provisioning-packages/provision-pcs-with-apps.md - - name: Use a script to install a desktop app in provisioning packages - href: provisioning-packages/provisioning-script-to-install-app.md - - name: Create a provisioning package with multivariant settings - href: provisioning-packages/provisioning-multivariant.md - - name: PowerShell cmdlets for provisioning Windows client (reference) - href: provisioning-packages/provisioning-powershell.md - - name: Diagnose provisioning packages - href: provisioning-packages/diagnose-provisioning-packages.md - - name: Windows Configuration Designer command-line interface (reference) - href: provisioning-packages/provisioning-command-line.md - -- name: Configure Cortana - items: - - name: Configure Cortana in Windows 10 - href: cortana-at-work/cortana-at-work-overview.md - - name: Testing scenarios 
using Cortana n Windows 10, version 2004 and later - items: - - name: Set up and test Cortana in Windows 10, version 2004 and later - href: cortana-at-work/set-up-and-test-cortana-in-windows-10.md - - name: Cortana at work testing scenarios - href: cortana-at-work/cortana-at-work-testing-scenarios.md - - name: Test scenario 1 - Sign into Microsoft Entra ID, enable the wake word, and try a voice query - href: cortana-at-work/cortana-at-work-scenario-1.md - - name: Test scenario 2 - Run a Bing search with Cortana - href: cortana-at-work/cortana-at-work-scenario-2.md - - name: Test scenario 3 - Set a reminder - href: cortana-at-work/cortana-at-work-scenario-3.md - - name: Test scenario 4 - Use Cortana to find free time on your calendar - href: cortana-at-work/cortana-at-work-scenario-4.md - - name: Test scenario 5 - Find out about a person - href: cortana-at-work/cortana-at-work-scenario-5.md - - name: Test scenario 6 - Change your language and run a quick search with Cortana - href: cortana-at-work/cortana-at-work-scenario-6.md - - name: Send feedback about Cortana back to Microsoft - href: cortana-at-work/cortana-at-work-feedback.md - - name: Testing scenarios using Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization - items: - - name: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization - href: cortana-at-work/cortana-at-work-o365.md - - name: Testing scenarios using Cortana in your business or organization - href: cortana-at-work/testing-scenarios-using-cortana-in-business-org.md - - name: Test scenario 1 - Sign into Microsoft Entra ID, enable the wake word, and try a voice query - href: cortana-at-work/test-scenario-1.md - - name: Test scenario 2 - Run a quick search with Cortana at work - href: cortana-at-work/test-scenario-2.md - - name: Test scenario 3 - Set a reminder for a specific location using Cortana at work - href: cortana-at-work/test-scenario-3.md - - name: Test 
scenario 4 - Use Cortana at work to find your upcoming meetings - href: cortana-at-work/test-scenario-4.md - - name: Test scenario 5 - Use Cortana to send email to a coworker - href: cortana-at-work/test-scenario-5.md - - name: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email - href: cortana-at-work/test-scenario-6.md - - name: Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device - href: cortana-at-work/cortana-at-work-scenario-7.md - - - name: Set up and test custom voice commands in Cortana for your organization - href: cortana-at-work/cortana-at-work-voice-commands.md - - name: Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization - href: cortana-at-work/cortana-at-work-policy-settings.md - - -- name: Reference - items: - - name: Windows Configuration Designer reference - items: - - name: Windows Configuration Designer provisioning settings (reference) - href: wcd/wcd.md - - name: Changes to settings in Windows Configuration Designer - href: wcd/wcd-changes.md - - name: AccountManagement - href: wcd/wcd-accountmanagement.md - - name: Accounts - href: wcd/wcd-accounts.md - - name: ADMXIngestion - href: wcd/wcd-admxingestion.md - - name: AssignedAccess - href: wcd/wcd-assignedaccess.md - - name: Browser - href: wcd/wcd-browser.md - - name: CellCore - href: wcd/wcd-cellcore.md - - name: Cellular - href: wcd/wcd-cellular.md - - name: Certificates - href: wcd/wcd-certificates.md - - name: CleanPC - href: wcd/wcd-cleanpc.md - - name: Connections - href: wcd/wcd-connections.md - - name: ConnectivityProfiles - href: wcd/wcd-connectivityprofiles.md - - name: CountryAndRegion - href: wcd/wcd-countryandregion.md - - name: DesktopBackgroundAndColors - href: wcd/wcd-desktopbackgroundandcolors.md - - name: DeveloperSetup - href: wcd/wcd-developersetup.md - - name: DeviceFormFactor - href: 
wcd/wcd-deviceformfactor.md - - name: DeviceManagement - href: wcd/wcd-devicemanagement.md - - name: DeviceUpdateCenter - href: wcd/wcd-deviceupdatecenter.md - - name: DMClient - href: wcd/wcd-dmclient.md - - name: EditionUpgrade - href: wcd/wcd-editionupgrade.md - - name: FirewallConfiguration - href: wcd/wcd-firewallconfiguration.md - - name: FirstExperience - href: wcd/wcd-firstexperience.md - - name: Folders - href: wcd/wcd-folders.md - - name: HotSpot - href: wcd/wcd-hotspot.md - - name: KioskBrowser - href: wcd/wcd-kioskbrowser.md - - name: Licensing - href: wcd/wcd-licensing.md - - name: Location - href: wcd/wcd-location.md - - name: Maps - href: wcd/wcd-maps.md - - name: NetworkProxy - href: wcd/wcd-networkproxy.md - - name: NetworkQOSPolicy - href: wcd/wcd-networkqospolicy.md - - name: OOBE - href: wcd/wcd-oobe.md - - name: Personalization - href: wcd/wcd-personalization.md - - name: Policies - href: wcd/wcd-policies.md - - name: Privacy - href: wcd/wcd-privacy.md - - name: ProvisioningCommands - href: wcd/wcd-provisioningcommands.md - - name: SharedPC - href: wcd/wcd-sharedpc.md - - name: SMISettings - href: wcd/wcd-smisettings.md - - name: Start - href: wcd/wcd-start.md - - name: StartupApp - href: wcd/wcd-startupapp.md - - name: StartupBackgroundTasks - href: wcd/wcd-startupbackgroundtasks.md - - name: StorageD3InModernStandby - href: wcd/wcd-storaged3inmodernstandby.md - - name: SurfaceHubManagement - href: wcd/wcd-surfacehubmanagement.md - - name: TabletMode - href: wcd/wcd-tabletmode.md - - name: TakeATest - href: wcd/wcd-takeatest.md - - name: Time - href: wcd/wcd-time.md - - name: UnifiedWriteFilter - href: wcd/wcd-unifiedwritefilter.md - - name: UniversalAppInstall - href: wcd/wcd-universalappinstall.md - - name: UniversalAppUninstall - href: wcd/wcd-universalappuninstall.md - - name: UsbErrorsOEMOverride - href: wcd/wcd-usberrorsoemoverride.md - - name: WeakCharger - href: wcd/wcd-weakcharger.md - - name: WindowsHelloForBusiness - href: 
wcd/wcd-windowshelloforbusiness.md - - name: WindowsTeamSettings - href: wcd/wcd-windowsteamsettings.md - - name: WLAN - href: wcd/wcd-wlan.md - - name: Workplace - href: wcd/wcd-workplace.md - - - name: User Experience Virtualization (UE-V) - items: - - name: User Experience Virtualization (UE-V) for Windows 10 - href: ue-v/uev-for-windows.md - - name: Get started with UE-V - items: - - name: Get started with UE-V - href: ue-v/uev-getting-started.md - - name: What's New in UE-V for Windows 10, version 1607 - href: ue-v/uev-whats-new-in-uev-for-windows.md - - name: User Experience Virtualization Release Notes - href: ue-v/uev-release-notes-1607.md - - name: Upgrade to UE-V for Windows 10 - href: ue-v/uev-upgrade-uev-from-previous-releases.md - - name: Prepare a UE-V Deployment - items: - - name: Prepare a UE-V Deployment - href: ue-v/uev-prepare-for-deployment.md - - name: Deploy Required UE-V Features - href: ue-v/uev-deploy-required-features.md - - name: Deploy UE-V for use with Custom Applications - href: ue-v/uev-deploy-uev-for-custom-applications.md - - name: Administer UE-V - items: - - name: UE-V administration guide - href: ue-v/uev-administering-uev.md - - name: Manage Configurations for UE-V - items: - - name: Manage Configurations for UE-V - href: ue-v/uev-manage-configurations.md - - name: Configuring UE-V with Group Policy Objects - href: ue-v/uev-configuring-uev-with-group-policy-objects.md - - name: Configuring UE-V with Microsoft Configuration Manager - href: ue-v/uev-configuring-uev-with-system-center-configuration-manager.md - - name: Administering UE-V with Windows PowerShell and WMI - href: ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md - - name: Managing the UE-V Service and Packages with Windows PowerShell and WMI - href: ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md - - name: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI - href: 
ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md - - name: Working with Custom UE-V Templates and the UE-V Template Generator - href: ue-v/uev-working-with-custom-templates-and-the-uev-generator.md - - name: Manage Administrative Backup and Restore in UE-V - href: ue-v/uev-manage-administrative-backup-and-restore.md - - name: Changing the Frequency of UE-V Scheduled Tasks - href: ue-v/uev-changing-the-frequency-of-scheduled-tasks.md - - name: Migrating UE-V Settings Packages - href: ue-v/uev-migrating-settings-packages.md - - name: Using UE-V with Application Virtualization Applications - href: ue-v/uev-using-uev-with-application-virtualization-applications.md - - name: Troubleshooting UE-V - href: ue-v/uev-troubleshooting.md - - name: Technical Reference for UE-V - items: - - name: Technical Reference for UE-V - href: ue-v/uev-technical-reference.md - - name: Sync Methods for UE-V - href: ue-v/uev-sync-methods.md - - name: Sync Trigger Events for UE-V - href: ue-v/uev-sync-trigger-events.md - - name: Synchronizing Microsoft Office with UE-V - href: ue-v/uev-synchronizing-microsoft-office-with-uev.md - - name: Application Template Schema Reference for UE-V - href: ue-v/uev-application-template-schema-reference.md - - name: Security Considerations for UE-V - href: ue-v/uev-security-considerations.md diff --git a/windows/configuration/windows-accessibility-for-ITPros.md b/windows/configuration/accessibility/index.md similarity index 95% rename from windows/configuration/windows-accessibility-for-ITPros.md rename to windows/configuration/accessibility/index.md index cda104c484..335576ee27 100644 --- a/windows/configuration/windows-accessibility-for-ITPros.md +++ b/windows/configuration/accessibility/index.md 
@@ -1,19 +1,9 @@
 ---
 title: Windows accessibility information for IT Pros
 description: Lists the various accessibility features available in Windows client with links to detailed guidance on how to set them.
-ms.prod: windows-client
-ms.technology: itpro-configure
-ms.author: lizlong
-author: lizgt2000
-ms.date: 08/11/2023
-ms.reviewer:
-manager: aaroncz
-ms.localizationpriority: medium
+ms.date: 01/25/2024
 ms.topic: conceptual
 ms.collection: tier1
-appliesto:
- - ✅ Windows 10
- - ✅ Windows 11
 ---
@@ -25,76 +15,54 @@ Microsoft is dedicated to making its products and services accessible and usable This article helps you as the IT administrator learn about built-in accessibility features. It also includes recommendations for how to support people in your organization who use these features. -Windows 11, version 22H2, includes improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator. For more information, see [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/) and [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554). +Windows 11, version 22H2, includes improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator. For more information, see [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/) and [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554). + ## General recommendations - **Be aware of Ease of Access settings**. Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows. - - **Don't block settings**. Avoid using group policy or MDM settings that override Ease of Access settings. - - **Encourage choice**. Allow people in your organization to customize their computers based on their needs. That customization might be installing an add-on for their browser, or a non-Microsoft assistive technology. ## Vision - [Use Narrator to use devices without a screen](https://support.microsoft.com/windows/complete-guide-to-narrator-e4397a0d-ef4f-b386-d8ae-c172f109bdb1). 
Narrator describes Windows and apps and enables you to control devices by using a keyboard, controller, or with a range of gestures on touch-supported devices. Now the user is able to download and install 10 more natural languages. - - [Create accessible apps](/windows/apps/develop/accessibility). You can develop accessible apps just like Mail, Groove, and Store that work well with Narrator and other leading screen readers. - - Use keyboard shortcuts. Get the most out of Windows with shortcuts for apps and desktops. - - [Keyboard shortcuts in Windows](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec) - [Narrator keyboard commands and touch gestures](https://support.microsoft.com/windows/appendix-b-narrator-keyboard-commands-and-touch-gestures-8bdab3f4-b3e9-4554-7f28-8b15bd37410a) - [Windows keyboard shortcuts for accessibility](https://support.microsoft.com/windows/windows-keyboard-shortcuts-for-accessibility-021bcb62-45c8-e4ef-1e4f-41b8c1fc87fd) - - Get closer with [Magnifier](https://support.microsoft.com/windows/use-magnifier-to-make-things-on-the-screen-easier-to-see-414948ba-8b1c-d3bd-8615-0e5e32204198). Magnifier enlarges all or part of your screen and offers various configuration settings. - - [Make Windows easier to see](https://support.microsoft.com/windows/make-windows-easier-to-see-c97c2b0d-cadb-93f0-5fd1-59ccfe19345d). - - Changing the size or color of pointers or adding trails or touch feedback make it easier to follow the mouse. - Adjust the size of text, icons, and other screen items to make them easier to see. - Many high-contrast themes are available to suit your needs. - - [Have Cortana assist](https://support.microsoft.com/topic/what-is-cortana-953e648d-5668-e017-1341-7f26f7d0f825). Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts. 
- - [Dictate text and commands](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). Windows includes speech recognition that lets you tell it what to do. - - [Simplify for focus](https://support.microsoft.com/windows/make-it-easier-to-focus-on-tasks-0d259fd9-e9d0-702c-c027-007f0e78eaf2). Reducing animations and turning off background images and transparency can minimize distractions. - - [Keep notifications around longer](https://support.microsoft.com/windows/make-windows-easier-to-hear-9c18cfdc-63be-2d47-0f4f-5b00facfd2e1). If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes. - - [Read in braille](https://support.microsoft.com/windows/chapter-8-using-narrator-with-braille-3e5f065b-1c9d-6eb2-ec6d-1d07c9e94b20). Narrator supports braille displays from more than 35 manufacturers using more than 40 languages and multiple braille variants. - - Starting in Windows 11, version 22H2 with [KB5022913](https://support.microsoft.com/kb/5022913), the compatibility of braille displays has been expanded. Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience. ## Hearing - [Use live captions to better understand audio](https://support.microsoft.com/windows/use-live-captions-to-better-understand-audio-b52da59c-14b8-4031-aeeb-f6a47e6055df). Use Windows 11, version 22H2 or later to better understand any spoken audio with real time captions. - - Starting with Windows 11, version 22H2 with [KB5026446](https://support.microsoft.com/kb/5026446), live captions now supports additional languages. - - [View live transcription in a Teams meeting](https://support.microsoft.com/office/view-live-transcription-in-a-teams-meeting-dc1a8f23-2e20-4684-885e-2152e06a4a8b). During any Teams meeting, view a live transcription so you don't miss what's being said. 
- - [Use Teams for sign language](https://www.microsoft.com/microsoft-teams/group-chat-software). Teams is available on various platforms and devices, so you don't have to worry about whether your co-workers, friends, and family can communicate with you. - [Make Windows easier to hear](https://support.microsoft.com/windows/make-windows-easier-to-hear-9c18cfdc-63be-2d47-0f4f-5b00facfd2e1). - - Replace audible alerts with visual alerts. - If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes. - Send all sounds to both left and right channels, which is helpful for those people with partial hearing loss or deafness in one ear. - - [Read spoken words with captioning](https://support.microsoft.com/windows/change-caption-settings-135c465b-8cfd-3bac-9baf-4af74bc0069a). You can customize things like color, size, and background transparency to suit your needs and tastes. - - Use the [Azure Cognitive Services Translator](/azure/cognitive-services/translator/) service to add machine translation to your solutions. ## Physical - [Have Cortana assist you](https://support.microsoft.com/topic/what-is-cortana-953e648d-5668-e017-1341-7f26f7d0f825). Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts. - - [Dictate text and commands](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). Windows includes voice recognition that lets you tell it what to do. - - [Use the On-Screen Keyboard (OSK)](https://support.microsoft.com/windows/use-the-on-screen-keyboard-osk-to-type-ecbb5e08-5b4e-d8c8-f794-81dbf896267a). Instead of relying on a physical keyboard, use the OSK to enter data and select keys with a mouse or other pointing device. It also offers word prediction and completion. 
- - [Make your mouse, keyboard, and other input devices easier to use](https://support.microsoft.com/windows/make-your-mouse-keyboard-and-other-input-devices-easier-to-use-10733da7-fa82-88be-0672-f123d4b3dcfe). - If you have limited control of your hands, you can personalize your keyboard to do helpful things like ignore repeated keys. 
@@ -103,32 +71,24 @@ Windows 11, version 22H2, includes improvements for people with disabilities: sy ## Cognition - [Simplify for focus](https://support.microsoft.com/windows/make-it-easier-to-focus-on-tasks-0d259fd9-e9d0-702c-c027-007f0e78eaf2). Reducing animations and turning off background images and transparency can minimize distractions. - - [Download and use fonts that are easier to read](https://www.microsoft.com/download/details.aspx?id=50721). **Fluent Sitka Small** and **Fluent Calibri** are fonts that address "visual crowding" by adding character and enhance word and line spacing. - - [Microsoft Edge reading view](https://support.microsoft.com/windows/take-your-reading-with-you-b6699255-4436-708e-7b93-4d2e19a15af8). Clears distracting content from web pages so you can stay focused on what you really want to read. ## Assistive technology devices built into Windows - [Hear text read aloud with Narrator](https://support.microsoft.com/windows/hear-text-read-aloud-with-narrator-040f16c1-4632-b64e-110a-da4a0ac56917). Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display. - - Scripting functionality has been added to Narrator. There is store delivery of Narrator extension scripts which currently include an Outlook script and an Excel script. - - [Use voice recognition](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). - With spellings experience in voice access, you can dictate a complex or non-standard word letter-by-letter and add it to Windows dictionary. The next time you try to dictate the same word, voice access improves its recognition. - [Save time with keyboard shortcuts](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec). 
- -- [Use voice access to control your PC and author text with your voice](https://support.microsoft.com/en-us/topic/use-voice-access-to-control-your-pc-author-text-with-your-voice-4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). +- [Use voice access to control your PC and author text with your voice](https://support.microsoft.com/topic/use-voice-access-to-control-your-pc-author-text-with-your-voice-4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). ## Other resources [Windows accessibility](https://www.microsoft.com/Accessibility/windows) - [Designing accessible software](/windows/apps/design/accessibility/designing-inclusive-software) - [Inclusive design](https://www.microsoft.com/design/inclusive) - [Accessibility guide for Microsoft 365 Apps](/deployoffice/accessibility-guide) diff --git a/windows/configuration/images/apn-add-details.PNG b/windows/configuration/cellular/images/apn-add-details.PNG similarity index 100% rename from windows/configuration/images/apn-add-details.PNG rename to windows/configuration/cellular/images/apn-add-details.PNG diff --git a/windows/configuration/images/apn-add.PNG b/windows/configuration/cellular/images/apn-add.PNG similarity index 100% rename from windows/configuration/images/apn-add.PNG rename to windows/configuration/cellular/images/apn-add.PNG diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/cellular/provisioning-apn.md similarity index 66% rename from windows/configuration/provisioning-apn.md rename to windows/configuration/cellular/provisioning-apn.md index 4600c0eaf2..88c77810eb 100644 --- a/windows/configuration/provisioning-apn.md +++ b/windows/configuration/cellular/provisioning-apn.md 
@@ -1,63 +1,40 @@ --- -title: Configure cellular settings for tablets and PCs (Windows 10) +title: Configure cellular settings for tablets and PCs description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles. -ms.reviewer: -manager: aaroncz -ms.prod: windows-client -author: lizgt2000 -ms.author: lizlong -ms.topic: article -ms.localizationpriority: medium +ms.topic: concept-article ms.date: 04/13/2018 -ms.technology: itpro-configure --- # Configure cellular settings for tablets and PCs - -**Applies to** - -- Windows 10 - >**Looking for consumer information?** See [Cellular settings in Windows 10](https://support.microsoft.com/help/10739/windows-10-cellular-settings) -Enterprises can configure cellular settings for tablets and PC that have built-in cellular modems or plug-in USB modem dongles and apply the settings in a [provisioning package](provisioning-packages/provisioning-packages.md). After the devices are configured, users are automatically connected using the access point name (APN) defined by the enterprise without needing to manually connect. +Enterprises can configure cellular settings for tablets and PC that have built-in cellular modems or plug-in USB modem dongles and apply the settings in a [provisioning package](../provisioning-packages/provisioning-packages.md). After the devices are configured, users are automatically connected using the access point name (APN) defined by the enterprise without needing to manually connect. For users who work in different locations, you can configure one APN to connect when the users are at work and a different APN when the users are traveling. 
- ## Prerequisites - Windows 10, version 1703, desktop editions (Home, Pro, Enterprise, Education) - - Tablet or PC with built-in cellular modem or plug-in USB modem dongle - -- [Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md) - +- [Windows Configuration Designer](../provisioning-packages/provisioning-install-icd.md) - APN (the address that your PC uses to connect to the Internet when using the cellular data connection) - >[!NOTE] - >You can get the APN from your mobile operator. - ## How to configure cellular settings in a provisioning package -1. In Windows Configuration Designer, [start a new project](provisioning-packages/provisioning-create-package.md) using the **Advanced provisioning** option. +1. In Windows Configuration Designer, [start a new project](../provisioning-packages/provisioning-create-package.md) using the **Advanced provisioning** option. +1. Enter a name for your project, and then click **Next**. +1. Select **All Windows desktop editions**, click **Next**, and then click **Finish**. +1. Go to **Runtime settings > Connections > EnterpriseAPN**. +1. Enter a name for the connection, and then click **Add**. -2. Enter a name for your project, and then click **Next**. +![Example of APN connection name.](images/apn-add.png) -3. Select **All Windows desktop editions**, click **Next**, and then click **Finish**. +1. The connection appears in the **Available customizations** pane. Select it to view the settings that you can configure for the connection. -4. Go to **Runtime settings > Connections > EnterpriseAPN**. +![settings for new connection.](images/apn-add-details.png) -5. Enter a name for the connection, and then click **Add**. - - ![Example of APN connection name.](images/apn-add.png) - -6. The connection appears in the **Available customizations** pane. Select it to view the settings that you can configure for the connection. - - ![settings for new connection.](images/apn-add-details.png) - -7. 
The following table describes the settings available for the connection. +1. The following table describes the settings available for the connection. | Setting | Description | | --- | --- | @@ -72,45 +49,39 @@ For users who work in different locations, you can configure one APN to connect | Password | If you select PAP, CHAP, or MSCHAPv2 authentication, enter a password that corresponds to the user name. | | Roaming | Select the behavior that you want when the device is roaming. The options are:

-Disallowed
-Allowed (default)
-DomesticRoaming
-Use OnlyForDomesticRoaming
-UseOnlyForNonDomesticRoaming
-UseOnlyForRoaming | | UserName | If you select PAP, CHAP, or MSCHAPv2 authentication, enter a user name. | - -8. After you configure the connection settings, [build the provisioning package](provisioning-packages/provisioning-create-package.md#build-package). - -9. [Apply the package to devices.](provisioning-packages/provisioning-apply-package.md) +1. After you configure the connection settings, [build the provisioning package](../provisioning-packages/provisioning-create-package.md#build-package). +1. [Apply the package to devices.](../provisioning-packages/provisioning-apply-package.md) ## Confirm the settings After you apply the provisioning package, you can confirm that the settings have been applied. 1. On the configured device, open a command prompt as an administrator. +1. Run the following command: -2. Run the following command: - - ``` + ```cmd netsh mbn show profiles ``` -3. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run: +1. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run: - ``` + ```cmd netsh mbn show profiles name="name" ``` This command will list details for that profile, including Access Point Name. - Alternatively, you can also use the command: -``` +```cmd netsh mbn show interface ``` From the results of that command, get the name of the cellular/mobile broadband interface and run: -``` +```cmd netsh mbn show connection interface="name" ``` The result of that command will show details for the cellular interface, including Access Point Name. - - diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md deleted file mode 100644 index c8a911f8a2..0000000000 --- a/windows/configuration/changes-to-start-policies-in-windows-10.md +++ /dev/null 
@@ -1,91 +0,0 @@ ---- -title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10) -description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience. -ms.reviewer: -manager: aaroncz -ms.prod: windows-client -author: lizgt2000 -ms.author: lizlong -ms.topic: whats-new -ms.localizationpriority: medium -ms.date: 08/18/2023 -ms.technology: itpro-configure ---- - -# Changes to Group Policy settings for Windows 10 Start - -**Applies to**: - -- Windows 10 - -Windows 10 has a brand new Start experience. As a result, there are changes to the Group Policy settings that you can use to manage Start. Some policy settings are new or changed, and some old Start policy settings still apply. Other Start policy settings no longer apply and are deprecated. - -## Start policy settings supported for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education - - -These policy settings are available in **Administrative Templates\\Start Menu and Taskbar** under **User Configuration**. - -|Policy|Notes| -|--- |--- | -|Clear history of recently opened documents on exit|Documents that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.| -|Don't allow pinning items in Jump Lists|Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. 
This policy prevents users from pinning items to any Jump List.| -|Don't display or track items in Jump Lists from remote locations|When this policy is applied, only items local on the computer are shown in Jump Lists.| -|Don't keep history of recently opened documents|Documents that the user opens aren't tracked during the session.| -|Prevent changes to Taskbar and Start Menu Settings|In Windows 10, this policy disables all of the settings in **Settings** > **Personalization** > **Start** and the options in dialog available via right-click Taskbar > **Properties**| -|Prevent users from customizing their Start Screen|Use this policy with a [customized Start layout](windows-10-start-layout-options-and-policies.md) to prevent users from changing it| -|Prevent users from uninstalling applications from Start|In Windows 10, this policy removes the uninstall button in the context menu. It doesn't prevent users from uninstalling the app through other entry points (for example, PowerShell)| -|Remove All Programs list from the Start menu|In Windows 10, this policy removes the **All apps** button.| -|Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands|This policy removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.| -|Remove common program groups from Start Menu|As in earlier versions of Windows, this policy removes apps specified in the All Users profile from Start| -|Remove frequent programs list from the Start Menu|In Windows 10, this policy removes the top left **Most used** group of apps.| -|Remove Logoff on the Start Menu|**Logoff** has been changed to **Sign Out** in the user interface, however the functionality is the same.| -|Remove pinned programs list from the Start Menu|In Windows 10, this policy removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).| -|Show "Run as different user" 
command on Start|This policy enables the **Run as different user** option in the right-click menu for apps.| -|Start Layout|This policy applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in **User Configuration** or **Computer Configuration**.| -|Force Start to be either full screen size or menu size|This policy applies a specific size for Start.| - -## Deprecated Group Policy settings for Start - -The Start policy settings listed in the following table don't work on Windows 10. Most of them were deprecated in Windows 8 however a few more were deprecated in Windows 10. Deprecation in this case means that the policy setting won't work on Windows 10. The “Supported on” text for a policy setting won't list Windows 10. The policy settings are still in the Group Policy Management Console and can be used on the operating systems that they apply to. - -| Policy | When deprecated | -|----------------------------------------------------------------------------------|-----------------| -| Go to the desktop instead of Start when signing in | Windows 10 | -| List desktop apps first in the Apps view | Windows 10 | -| Pin Apps to Start when installed (User or Computer) | Windows 10 | -| Remove Default Programs link from the Start menu. 
| Windows 10 | -| Remove Documents icon from Start Menu | Windows 10 | -| Remove programs on Settings menu | Windows 10 | -| Remove Run menu from Start Menu | Windows 10 | -| Remove the "Undock PC" button from the Start Menu | Windows 10 | -| Search just apps from the Apps view | Windows 10 | -| Show Start on the display the user is using when they press the Windows logo key | Windows 10 | -| Show the Apps view automatically when the user goes to Start | Windows 10 | -| Add the Run command to the Start Menu | Windows 8 | -| Change Start Menu power button | Windows 8 | -| Gray unavailable Windows Installer programs Start Menu shortcuts | Windows 8 | -| Remove Downloads link from Start Menu | Windows 8 | -| Remove Favorites menu from Start Menu | Windows 8 | -| Remove Games link from Start Menu | Windows 8 | -| Remove Help menu from Start Menu | Windows 8 | -| Remove Homegroup link from Start Menu | Windows 8 | -| Remove Music icon from Start Menu | Windows 8 | -| Remove Network icon from Start Menu | Windows 8 | -| Remove Pictures icon from Start Menu | Windows 8 | -| Remove Recent Items menu from Start Menu | Windows 8 | -| Remove Recorded TV link from Start Menu | Windows 8 | -| Remove user folder link from Start Menu | Windows 8 | -| Remove Videos link from Start Menu | Windows 8 | - - - -## Related topics - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Add image for secondary tiles](start-secondary-tiles.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with provisioning 
packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md deleted file mode 100644 index 904afc2d16..0000000000 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ /dev/null 
@@ -1,140 +0,0 @@ ---- -title: Customize Windows 10 Start and taskbar with provisioning packages (Windows 10) -description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users. -ms.reviewer: -manager: aaroncz -ms.prod: windows-client -author: lizgt2000 -ms.author: lizlong -ms.topic: article -ms.localizationpriority: medium -ms.technology: itpro-configure -ms.date: 12/31/2017 ---- - -# Customize Windows 10 Start and taskbar with provisioning packages - - -**Applies to** - -- Windows 10 - -> **Looking for consumer information?** [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) - -> [!NOTE] -> Currently, using provisioning packages to customize the Start menu layout is supported on Windows 10. It's not supported on Windows 11. - -In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, version 1703, you can use a provisioning package that you create with Windows Configuration Designer to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead. - -> [!IMPORTANT] -> If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy. - -**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions. 
- -## How Start layout control works - - -Three features enable Start and taskbar layout control: - -- The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. - - > [!NOTE] - > To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](/powershell/module/startlayout/import-startlayout) cmdlet. - -- [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. - -- In Windows Configuration Designer, you use the **Policies/Start/StartLayout** setting to provide the contents of the .xml file that defines the Start and taskbar layout. - - - -## Prepare the Start layout XML file - -The **Export-StartLayout** cmdlet produces an XML file. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout section to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout section to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters. - - -1. Copy the contents of layout.xml into an online tool that escapes characters. - -3. During the procedure to create a provisioning package, you will copy the text with the escape characters and paste it in the customizations.xml file for your project. - -## Create a provisioning package that contains a customized Start layout - - -Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md) - -> [!IMPORTANT] -> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. 
You should store the project files in a secure location and delete the project files when they are no longer needed. - -1. Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). - -2. Choose **Advanced provisioning**. - -3. Name your project, and click **Next**. - -4. Choose **All Windows desktop editions** and click **Next**. - -5. On **New project**, click **Finish**. The workspace for your package opens. - -6. Expand **Runtime settings** > **Policies** > **Start**, and click **StartLayout**. - - > [!TIP] - > If **Start** is not listed, check the type of settings you selected in step 4. You must create the project using settings for **All Windows desktop editions**. - -7. Enter **layout.xml**. This value creates a placeholder in the customizations.xml file that you will replace with the contents of the layout.xml file in a later step. - -7. Save your project and close Windows Configuration Designer. - -7. In File Explorer, open the project's directory. (The default location is C:\Users\\*user name*\Documents\Windows Imaging and Configuration Designer (WICD)\\*project name*) - -7. Open the customizations.xml file in a text editor. The **<Customizations>** section will look like this: - - ![Customizations file with the placeholder text to replace highlighted.](images/customization-start.png) - -7. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape). - -8. Save and close the customizations.xml file. - -8. Open Windows Configuration Designer and open your project. - -8. On the **File** menu, select **Save.** - -9. On the **Export** menu, select **Provisioning package**. - -10. 
Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** - -11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package. - -12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. - - Optionally, you can click **Browse** to change the default output location. - -13. Click **Next**. - -14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. - - If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. - -15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. - - If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. 
- - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. - -16. Copy the provisioning package to the target device. - -17. Double-click the ppkg file and allow it to install. - -## Related topics - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Add image for secondary tiles](start-secondary-tiles.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) -- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index 6d8d824a07..fdd0a1c4a7 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -41,9 +41,10 @@ "zone_pivot_group_filename": "resources/zone-pivot-groups.json", "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-Windows", - "ms.technology": "itpro-configure", - "ms.topic": "article", - "ms.prod": "windows-client", + "ms.subservice": "itpro-configure", + "ms.service": "windows-client", + "ms.author": "paoloma", + "author": "paolomatarazzo", "manager": "aaroncz", "feedback_system": "Standard", "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332", 
@@ -55,10 +56,10 @@
 },
 "titleSuffix": "Configure Windows",
 "contributors_to_exclude": [
- "rjagiewich",
- "traya1",
- "rmca14",
- "claydetels19",
+ "rjagiewich",
+ "traya1",
+ "rmca14",
+ "claydetels19",
 "jborsecnik",
 "tiburd",
 "garycentric",
@@ -73,6 +74,43 @@
 "feedback_system": {
 "ue-v/**/*.*": "None",
 "cortana-at-work/**/*.*": "None"
+ },
+ "author":{
+ "cortana-at-work//**/*.md": "aczechowski",
+ "cortana-at-work//**/*.yml": "aczechowski",
+ "wcd//**/*.md": "aczechowski",
+ "wcd//**/*.yml": "aczechowski",
+ "ue-v//**/*.md": "aczechowski",
+ "ue-v//**/*.yml": "aczechowski"
+ },
+ "ms.author":{
+ "cortana-at-work//**/*.md": "aaroncz",
+ "cortana-at-work//**/*.yml": "aaroncz",
+ "wcd//**/*.md": "aaroncz",
+ "wcd//**/*.yml": "aaroncz",
+ "ue-v//**/*.md": "aaroncz",
+ "ue-v//**/*.yml": "aaroncz"
+ },
+ "ms.reviewer":{
+ "kiosk//**/*.md": "sybruckm",
+ "start//**/*.md": "ericpapa"
+ },
+ "ms.collection":{
+ "cortana-at-work//**/*.md": "tier3",
+ "wcd//**/*.md": "must-keep",
+ "ue-v//**/*.md": [
+ "must-keep",
+ "tier3"
+ ]
+ },
+ "appliesto": {
+ "*/**/*.md": [
+ "✅ Windows 11",
+ "✅ Windows 10"
+ ],
+ "ue-v//**/*.md": "✅ Windows 10",
+ "cortana-at-work//**/*.md": "✅ Windows 10",
+ "wcd//**/*.md": ""
 }
 },
 "template": [],
@@ -80,3 +118,4 @@
 "markdownEngineName": "markdig"
 }
 }
+
diff --git a/windows/configuration/images/account-management-details.PNG b/windows/configuration/images/account-management-details.png
similarity index 100%
rename from windows/configuration/images/account-management-details.PNG
rename to windows/configuration/images/account-management-details.png
diff --git a/windows/configuration/images/add-applications-details.PNG b/windows/configuration/images/add-applications-details.png
similarity index 100%
rename from windows/configuration/images/add-applications-details.PNG
rename to windows/configuration/images/add-applications-details.png
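Review bot: The glob keys added under `author`, `ms.author`, `ms.reviewer`, `ms.collection` and `appliesto` in the `@@ -73,6 +74,43 @@` hunk use a doubled slash (`cortana-at-work//**/*.md`), while the `feedback_system` entries directly above them use a single one (`ue-v/**/*.*`). Whether the build's glob matcher treats `//` like `/` is not visible here; if it does not, the overrides are skipped without an error and those pages fall back to the global `author`/`ms.author` values set in the `@@ -41,9 +41,10 @@` hunk, so ownership and review routing would point at the wrong account. I would write them in the existing form, e.g. `"cortana-at-work/**/*.md": "aczechowski",`. Separately, `"wcd//**/*.md": ""` puts an empty string in `appliesto`, which already mixes arrays and strings; if the intent is to show no label, an empty array `[]` may be the clearer value, to be confirmed against what the template accepts.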
diff --git a/windows/configuration/images/add-certificates-details.PNG b/windows/configuration/images/add-certificates-details.png
similarity index 100%
rename from windows/configuration/images/add-certificates-details.PNG
rename to windows/configuration/images/add-certificates-details.png
diff --git a/windows/configuration/images/admx-category.PNG b/windows/configuration/images/admx-category.png
similarity index 100%
rename from windows/configuration/images/admx-category.PNG
rename to windows/configuration/images/admx-category.png
diff --git a/windows/configuration/images/admx-policy.PNG b/windows/configuration/images/admx-policy.png
similarity index 100%
rename from windows/configuration/images/admx-policy.PNG
rename to windows/configuration/images/admx-policy.png
diff --git a/windows/configuration/images/apn-add-details.png b/windows/configuration/images/apn-add-details.png
new file mode 100644
index 0000000000..caee3d6429
Binary files /dev/null and b/windows/configuration/images/apn-add-details.png differ
diff --git a/windows/configuration/images/apn-add.png b/windows/configuration/images/apn-add.png
new file mode 100644
index 0000000000..0e25e5c0e9
Binary files /dev/null and b/windows/configuration/images/apn-add.png differ
diff --git a/windows/configuration/images/customization-start-edge.PNG b/windows/configuration/images/customization-start-edge.png
similarity index 100%
rename from windows/configuration/images/customization-start-edge.PNG
rename to windows/configuration/images/customization-start-edge.png
diff --git a/windows/configuration/images/customization-start.PNG b/windows/configuration/images/customization-start.png
similarity index 100%
rename from windows/configuration/images/customization-start.PNG
rename to windows/configuration/images/customization-start.png
diff --git a/windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png b/windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png
deleted file mode 100644
index ca0cbd51cc..0000000000
Binary files a/windows/configuration/images/customize-start-menu-layout-windows-11/start-menu-layout.png and /dev/null differ
diff --git a/windows/configuration/images/icd-create-options-1703.PNG b/windows/configuration/images/icd-create-options-1703.png
similarity index 100%
rename from windows/configuration/images/icd-create-options-1703.PNG
rename to windows/configuration/images/icd-create-options-1703.png
diff --git a/windows/configuration/images/icd-desktop-1703.PNG b/windows/configuration/images/icd-desktop-1703.png
similarity index 100%
rename from windows/configuration/images/icd-desktop-1703.PNG
rename to windows/configuration/images/icd-desktop-1703.png
diff --git a/windows/configuration/images/icd-runtime.PNG b/windows/configuration/images/icd-runtime.png
similarity index 100%
rename from windows/configuration/images/icd-runtime.PNG
rename to windows/configuration/images/icd-runtime.png
diff --git a/windows/configuration/images/icd-setting-help.PNG b/windows/configuration/images/icd-setting-help.png
similarity index 100%
rename from windows/configuration/images/icd-setting-help.PNG
rename to windows/configuration/images/icd-setting-help.png
diff --git a/windows/configuration/images/icd-step1.PNG b/windows/configuration/images/icd-step1.png
similarity index 100%
rename from windows/configuration/images/icd-step1.PNG
rename to windows/configuration/images/icd-step1.png
diff --git a/windows/configuration/images/icd-step2.PNG b/windows/configuration/images/icd-step2.png
similarity index 100%
rename from windows/configuration/images/icd-step2.PNG
rename to windows/configuration/images/icd-step2.png
diff --git a/windows/configuration/images/icd-step3.PNG b/windows/configuration/images/icd-step3.png
similarity index 100%
rename from windows/configuration/images/icd-step3.PNG
rename to windows/configuration/images/icd-step3.png
diff --git a/windows/configuration/images/icd-step4.PNG b/windows/configuration/images/icd-step4.png
similarity index 100%
rename from windows/configuration/images/icd-step4.PNG
rename to windows/configuration/images/icd-step4.png
diff --git a/windows/configuration/images/icd-step5.PNG b/windows/configuration/images/icd-step5.png
similarity index 100%
rename from windows/configuration/images/icd-step5.PNG
rename to windows/configuration/images/icd-step5.png
diff --git a/windows/configuration/images/icd-switch.PNG b/windows/configuration/images/icd-switch.png
similarity index 100%
rename from windows/configuration/images/icd-switch.PNG
rename to windows/configuration/images/icd-switch.png
diff --git a/windows/configuration/images/icons/accessibility.svg b/windows/configuration/images/icons/accessibility.svg
new file mode 100644
index 0000000000..21a6b4f235
--- /dev/null
+++ b/windows/configuration/images/icons/accessibility.svg
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/windows/configuration/images/icons/windows-os.svg b/windows/configuration/images/icons/windows-os.svg
new file mode 100644
index 0000000000..da64baf975
--- /dev/null
+++ b/windows/configuration/images/icons/windows-os.svg
@@ -0,0 +1,3 @@
+
+
+
\ No newline at end of file
diff --git a/windows/configuration/images/kiosk-account-details.PNG b/windows/configuration/images/kiosk-account-details.png
similarity index 100%
rename from windows/configuration/images/kiosk-account-details.PNG
rename to windows/configuration/images/kiosk-account-details.png
diff --git a/windows/configuration/images/kiosk-common-details.PNG b/windows/configuration/images/kiosk-common-details.png
similarity index 100%
rename from windows/configuration/images/kiosk-common-details.PNG
rename to windows/configuration/images/kiosk-common-details.png
diff --git a/windows/configuration/images/kiosk-desktop.PNG b/windows/configuration/images/kiosk-desktop.png
similarity index 100%
rename from windows/configuration/images/kiosk-desktop.PNG
rename to windows/configuration/images/kiosk-desktop.png
diff --git a/windows/configuration/images/kiosk-fullscreen.PNG b/windows/configuration/images/kiosk-fullscreen.png
similarity index 100%
rename from windows/configuration/images/kiosk-fullscreen.PNG
rename to windows/configuration/images/kiosk-fullscreen.png
diff --git a/windows/configuration/images/kiosk-settings.PNG b/windows/configuration/images/kiosk-settings.png
similarity index 100%
rename from windows/configuration/images/kiosk-settings.PNG
rename to windows/configuration/images/kiosk-settings.png
diff --git a/windows/configuration/images/kiosk.png b/windows/configuration/images/kiosk.png
deleted file mode 100644
index 868ea31bb1..0000000000
Binary files a/windows/configuration/images/kiosk.png and /dev/null differ
diff --git a/windows/configuration/images/office-logo.png b/windows/configuration/images/office-logo.png
deleted file mode 100644
index cd6d504301..0000000000
Binary files a/windows/configuration/images/office-logo.png and /dev/null differ
diff --git a/windows/configuration/images/set-up-device-details-desktop.PNG b/windows/configuration/images/set-up-device-details-desktop.png
similarity index 100%
rename from windows/configuration/images/set-up-device-details-desktop.PNG
rename to windows/configuration/images/set-up-device-details-desktop.png
diff --git a/windows/configuration/images/set-up-device-details.PNG b/windows/configuration/images/set-up-device-details.png
similarity index 100%
rename from windows/configuration/images/set-up-device-details.PNG
rename to windows/configuration/images/set-up-device-details.png
diff --git a/windows/configuration/images/set-up-network-details-desktop.PNG b/windows/configuration/images/set-up-network-details-desktop.png
similarity index 100%
rename from windows/configuration/images/set-up-network-details-desktop.PNG
rename to windows/configuration/images/set-up-network-details-desktop.png
diff --git a/windows/configuration/images/set-up-network-details.PNG b/windows/configuration/images/set-up-network-details.png
similarity index 100%
rename from windows/configuration/images/set-up-network-details.PNG
rename to windows/configuration/images/set-up-network-details.png
diff --git a/windows/configuration/images/user.PNG b/windows/configuration/images/user.png
similarity index 100%
rename from windows/configuration/images/user.PNG
rename to windows/configuration/images/user.png
diff --git a/windows/configuration/images/wcd-app-commands.PNG b/windows/configuration/images/wcd-app-commands.png
similarity index 100%
rename from windows/configuration/images/wcd-app-commands.PNG
rename to windows/configuration/images/wcd-app-commands.png
diff --git a/windows/configuration/images/wcd-app-name.PNG b/windows/configuration/images/wcd-app-name.png
similarity index 100%
rename from windows/configuration/images/wcd-app-name.PNG
rename to windows/configuration/images/wcd-app-name.png
diff --git a/windows/configuration/images/windows.png b/windows/configuration/images/windows.png
deleted file mode 100644
index e3889eff6a..0000000000
Binary files a/windows/configuration/images/windows.png and /dev/null differ
diff --git a/windows/configuration/includes/insider-note.md b/windows/configuration/includes/insider-note.md
index a1160f8047..f0018a1d2b 100644
--- a/windows/configuration/includes/insider-note.md +++ b/windows/configuration/includes/insider-note.md @@ -7,7 +7,7 @@ ms.date: 01/11/2024 :::row::: :::column span="1"::: -:::image type="content" source="../images/insider.png" alt-text="Logo of Windows Insider." border="false"::: +:::image type="content" source="insider.png" alt-text="Logo of Windows Insider." border="false"::: :::column-end::: :::column span="3"::: > [!IMPORTANT] diff --git a/windows/configuration/images/insider.png b/windows/configuration/includes/insider.png similarity index 100% rename from windows/configuration/images/insider.png rename to windows/configuration/includes/insider.png diff --git a/windows/configuration/includes/multi-app-kiosk-support-windows11.md b/windows/configuration/includes/multi-app-kiosk-support-windows11.md deleted file mode 100644 index 10bfe16e1d..0000000000 --- a/windows/configuration/includes/multi-app-kiosk-support-windows11.md +++ /dev/null @@ -1,11 +0,0 @@ ---- -author: aczechowski -ms.author: aaroncz -ms.date: 09/21/2021 -ms.reviewer: -manager: aaroncz -ms.service: windows-client -ms.topic: include ---- - -Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11. diff --git a/windows/configuration/index.yml b/windows/configuration/index.yml index 4bcaa16c51..334a6aeec9 100644 --- a/windows/configuration/index.yml +++ b/windows/configuration/index.yml @@ -1,5 +1,4 @@ ### YamlMime:Landing - title: Configure Windows client # < 60 chars summary: Find out how to apply custom configurations to Windows client devices. # < 160 chars 
@@ -7,15 +6,13 @@ metadata: title: Configure Windows client # Required; page title displayed in search results. Include the brand. < 60 chars. description: Find out how to apply custom configurations to Windows client devices. # Required; article description that is displayed in search results. < 160 chars. ms.topic: landing-page # Required - ms.prod: windows-client ms.collection: - tier1 author: aczechowski ms.author: aaroncz manager: aaroncz ms.date: 12/20/2023 - localization_priority: medium - + # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new landingContent: @@ -35,7 +32,6 @@ landingContent: - text: Accessibility information for IT pros url: windows-accessibility-for-itpros.md - # Card (optional) - title: Configure a Windows kiosk linkLists: @@ -50,7 +46,6 @@ landingContent: - text: Manage multi-user and guest devices url: shared-devices-concepts.md - # Card (optional) - title: Use provisioning packages linkLists: @@ -86,7 +81,8 @@ landingContent: links: - text: Configure Cortana in Windows 10 url: cortana-at-work/cortana-at-work-overview.md - - text: Custom voice commands in Cortana + - text: Custom voice commands in Cortana + url: cortana-at-work/cortana-at-work-voice-commands.md # Card (optional) diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md deleted file mode 100644 index 91f7ece2cf..0000000000 --- a/windows/configuration/kiosk-additional-reference.md +++ /dev/null 
@@ -1,36 +0,0 @@ ---- -title: More kiosk methods and reference information (Windows 10/11) -description: Find more information for configuring, validating, and troubleshooting kiosk configuration. -ms.reviewer: sybruckm -manager: aaroncz -ms.author: lizlong -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium -ms.topic: reference -ms.technology: itpro-configure -ms.date: 12/31/2017 ---- - -# More kiosk methods and reference information - - -**Applies to** - -- Windows 10 Pro, Enterprise, and Education -- Windows 11 - - -## In this section - -Topic | Description ---- | --- -[Find the Application User Model ID of an installed app](find-the-application-user-model-id-of-an-installed-app.md) | This topic explains how to get the AUMID for an app. -[Validate your kiosk configuration](kiosk-validate.md) | This topic explains what to expect on a multi-app kiosk. -[Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience. -[Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk. -[Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration. -[Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps. -[Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. -[Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. 
-[Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) | Tips for troubleshooting multi-app kiosk configuration. \ No newline at end of file diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md deleted file mode 100644 index d722a89cf2..0000000000 --- a/windows/configuration/kiosk-methods.md +++ /dev/null 
@@ -1,117 +0,0 @@ ---- -title: Configure kiosks and digital signs on Windows 10/11 desktop editions -ms.reviewer: sybruckm -manager: aaroncz -ms.author: lizlong -description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions. -ms.prod: windows-client -ms.localizationpriority: medium -author: lizgt2000 -ms.topic: article -ms.technology: itpro-configure -ms.date: 12/31/2017 ---- - -# Configure kiosks and digital signs on Windows desktop editions - ->[!WARNING] ->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. - -**Applies to** - -- Windows 10 -- Windows 11 - -Some desktop devices in an enterprise serve a special purpose. For example, a PC in the lobby that customers use to see your product catalog. Or, a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use: - -- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app launches automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart. - - A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk doesn't run above the lock screen. 
- - ![Illustration of a full-screen kiosk experience that runs one app on a Windows client device.](images/kiosk-fullscreen.png) - -- **A multi-app kiosk**: Runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. - - A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that affects **all** non-administrator users on the device. - - ![Illustration of a kiosk Start screen that runs multiple apps on a Windows client device.](images/kiosk-desktop.png) - -Kiosk configurations are based on **Assigned Access**, a feature in Windows client that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user. - -There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions. - -- **Which type of app will your kiosk run?** - - ![icon that represents apps.](images/office-logo.png) - - Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md) - -- **Which type of kiosk do you need?** - - ![icon that represents a kiosk.](images/kiosk.png) - - If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a [Windows desktop application](#classic). For a kiosk that people can sign in to with their accounts or that runs more than one app, choose [a multi-app kiosk](#desktop). 
- -- **Which edition of Windows client will the kiosk run?** - - ![icon that represents Windows.](images/windows.png) - - All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home. - -- **Which type of user account will be the kiosk account?** - - ![icon that represents a user account.](images/user.png) - - The kiosk account can be a local standard user account, a local administrator account, a domain account, or a Microsoft Entra account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method. - - ->[!IMPORTANT] ->Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. 
- -[!INCLUDE [assigned-access-kiosk-mode](../../includes/licensing/assigned-access-kiosk-mode.md)] - -## Methods for a single-app kiosk running a UWP app - -You can use this method | For this edition | For this kiosk account type ---- | --- | --- -[Assigned access in Settings](kiosk-single-app.md#local) | Pro, Ent, Edu | Local standard user -[Assigned access cmdlets](kiosk-single-app.md#powershell) | Pro, Ent, Edu | Local standard user -[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID -[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID -[Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID - - - -## Methods for a single-app kiosk running a Windows desktop application - -You can use this method | For this edition | For this kiosk account type ---- | --- | --- -[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID -[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID -[Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID - - - -## Methods for a multi-app kiosk - -You can use this method | For this edition | For this kiosk account type ---- | --- | --- -[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID -[Microsoft Intune or other MDM](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Microsoft Entra ID -[MDM WMI Bridge Provider](kiosk-mdm-bridge.md) | Pro, Ent, Edu | Local standard user, 
Active Directory, Microsoft Entra ID - -## Summary of kiosk configuration methods - -Method | App type | Account type | Single-app kiosk | Multi-app kiosk ---- | --- | --- | :---: | :---: -[Assigned access in Settings](kiosk-single-app.md#local) | UWP | Local account | ✔️ | -[Assigned access cmdlets](kiosk-single-app.md#powershell) | UWP | Local account | ✔️ | -[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️ | -[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️ | ✔️ -Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md#mdm) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Microsoft Entra ID | ✔️ | ✔️ -[Shell Launcher](kiosk-shelllauncher.md) |Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️ | -[MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | | ✔️ - - ->[!NOTE] ->For devices running Windows client Enterprise and Education, you can also use [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) or [AppLocker](lock-down-windows-10-applocker.md) to lock down a device to specific apps. diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md deleted file mode 100644 index 9e599f8790..0000000000 --- a/windows/configuration/kiosk-policies.md +++ /dev/null 
@@ -1,80 +0,0 @@ ---- -title: Policies enforced on kiosk devices (Windows 10/11) -description: Learn about the policies enforced on a device when you configure it as a kiosk. -ms.reviewer: sybruckm -manager: aaroncz -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium -ms.author: lizlong -ms.topic: article -ms.technology: itpro-configure -ms.date: 12/31/2017 ---- - -# Policies enforced on kiosk devices - - -**Applies to** - -- Windows 10 Pro, Enterprise, and Education -- Windows 11 - - - -It isn't recommended to set policies enforced in assigned access kiosk mode to different values using other channels, as the kiosk mode has been optimized to provide a locked-down experience. - -When the assigned access kiosk configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. - - -## Group Policy - -The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. These users include local users, domain users, and Microsoft Entra users. 
- -| Setting | Value | -| --- | --- | -Remove access to the context menus for the task bar | Enabled -Clear history of recently opened documents on exit | Enabled -Prevent users from customizing their Start Screen | Enabled -Prevent users from uninstalling applications from Start | Enabled -Remove Run menu from Start Menu | Enabled -Disable showing balloon notifications as toast | Enabled -Do not allow pinning items in Jump Lists | Enabled -Do not allow pinning programs to the Taskbar | Enabled -Do not display or track items in Jump Lists from remote locations | Enabled -Remove Notifications and Action Center | Enabled -Lock all taskbar settings | Enabled -Lock the Taskbar | Enabled -Prevent users from adding or removing toolbars | Enabled -Prevent users from resizing the taskbar | Enabled -Remove frequent programs list from the Start Menu | Enabled -Remove Pinned programs from the taskbar | Enabled -Remove the Security and Maintenance icon | Enabled -Turn off all balloon notifications | Enabled -Turn off feature advertisement balloon notifications | Enabled -Turn off toast notifications | Enabled -Remove Task Manager | Enabled -Remove Change Password option in Security Options UI | Enabled -Remove Sign Out option in Security Options UI | Enabled -Remove All Programs list from the Start Menu | Enabled – Remove and disable setting -Prevent access to drives from My Computer | Enabled - Restrict all drives - ->[!NOTE] ->When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. 
This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics. - - - -## MDM policy - - -Some of the MDM policies based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (that is, system-wide impact). - -Setting | Value | System-wide - --- | --- | --- -[Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | 0 - Not allowed | Yes -[Start/AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes -Start/HidePeopleBar | 1 - True (hide) | No -[Start/HideChangeAccountSettings](/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) | 1 - True (hide) | Yes -[WindowsInkWorkspace/AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace) | 0 - Access to ink workspace is disabled and the feature is turned off | Yes -[Start/StartLayout](/windows/client-management/mdm/policy-csp-start#start-startlayout) | Configuration dependent | No -[WindowsLogon/DontDisplayNetworkSelectionUI](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | <Enabled/> | Yes diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/kiosk/find-the-application-user-model-id-of-an-installed-app.md similarity index 93% rename from windows/configuration/find-the-application-user-model-id-of-an-installed-app.md rename to windows/configuration/kiosk/find-the-application-user-model-id-of-an-installed-app.md index 5b78101494..862316c47b 100644 
--- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md +++ b/windows/configuration/kiosk/find-the-application-user-model-id-of-an-installed-app.md @@ -1,12 +1,10 @@ --- title: Find the Application User Model ID of an installed app -ms.reviewer: sybruckm description: To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device. -author: lizgt2000 -ms.author: lizlong ms.topic: article ms.date: 12/31/2017 --- + # Find the Application User Model ID of an installed app To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device. You can find the AUMID by using Windows PowerShell, File Explorer, or the registry. @@ -43,10 +41,8 @@ You can add the `-user ` or the `-allusers` parameters to the **Get-Ap To get the names and AUMIDs for all apps installed for the current user, perform the following steps: 1. Open **Run**, enter **shell:Appsfolder**, and select **OK**. - -2. A File Explorer window opens. Press **Alt** > **View** > **Choose details**. - -3. In the **Choose Details** window, select **AppUserModelId**, and then select **OK**. (You might need to change the **View** setting from **Tiles** to **Details**.) +1. A File Explorer window opens. Press **Alt** > **View** > **Choose details**. +1. In the **Choose Details** window, select **AppUserModelId**, and then select **OK**. (You might need to change the **View** setting from **Tiles** to **Details**.) ![Image of the Choose Details options.](images/aumid-file-explorer.png) 
@@ -56,7 +52,9 @@ Querying the registry can only return information about Microsoft Store apps tha At a command prompt, type the following command: -`reg query HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package /s /f AppUserModelID | find "REG_SZ"` +```cmd +reg query HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package /s /f AppUserModelID | find "REG_SZ" +``` ### Example to get AUMIDs of the installed apps for the specified user diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/kiosk/guidelines-for-assigned-access-app.md similarity index 50% rename from windows/configuration/guidelines-for-assigned-access-app.md rename to windows/configuration/kiosk/guidelines-for-assigned-access-app.md index 95bcd1a788..4ed078e5e1 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/kiosk/guidelines-for-assigned-access-app.md 
@@ -1,166 +1,145 @@ --- title: Guidelines for choosing an app for assigned access description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience. -author: lizgt2000 -ms.author: lizlong ms.topic: article -ms.reviewer: sybruckm -ms.technology: itpro-configure ms.date: 12/31/2017 --- # Guidelines for choosing an app for assigned access (kiosk mode) - -**Applies to** - -- Windows 10 -- Windows 11 - - -You can use assigned access to restrict customers at your business to using only one Windows app so your device acts like a kiosk. Administrators can use assigned access to restrict a selected user account to access a single Windows app. You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience. +Use assigned access to restrict users to use only one application, so that the device acts like a kiosk. Administrators can use assigned access to restrict a selected user account to access a single Windows app. You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience. The following guidelines may help you choose an appropriate Windows app for your assigned access experience. ## General guidelines -- Windows apps must be provisioned or installed for the assigned access account before they can be selected as the assigned access app. [Learn how to provision and install apps](/windows/client-management/mdm/enterprise-app-management#install_your_apps). - -- Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this change happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch. - +- Windows apps must be provisioned or installed for the assigned access account before they can be selected as the assigned access app. 
[Learn how to provision and install apps](/windows/client-management/mdm/enterprise-app-management#install_your_apps). +- Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this change happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch. - Apps that are generated using the [Desktop App Converter (Desktop Bridge)](/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) can't be used as kiosk apps. - - - ## Guidelines for Windows apps that launch other apps -Some Windows apps can launch other apps. Assigned access prevents Windows apps from launching other apps. +Some apps can launch other apps. Assigned access prevents Windows apps from launching other apps. -Avoid selecting Windows apps that are designed to launch other apps as part of their core functionality. +Avoid selecting Windows apps that are designed to launch other apps as part of their core functionality. ## Guidelines for web browsers -Starting with Windows 10 version 1809+, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) +Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy) -In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. 
For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren't allowed to go to a competitor's website. +In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren't allowed to go to a competitor's website. >[!NOTE] >Kiosk Browser supports a single tab. If a website has links that open a new tab, those links will not work with Kiosk Browser. Kiosk Browser does not support .pdfs. > >Kiosk Browser can't access intranet websites. - **Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education) and Windows 11. 1. [Get **Kiosk Browser** in Microsoft Store for Business with offline license type.](/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps) -2. [Deploy **Kiosk Browser** to kiosk devices.](/microsoft-store/distribute-offline-apps) -3. Configure policies using settings from the Policy Configuration Service Provider (CSP) for [KioskBrowser](/windows/client-management/mdm/policy-csp-kioskbrowser). These settings can be configured using your MDM service provider, or [in a provisioning package](provisioning-packages/provisioning-create-package.md). In Windows Configuration Designer, the settings are located in **Policies > KioskBrowser** when you select advanced provisioning for Windows desktop editions. +1. 
[Deploy **Kiosk Browser** to kiosk devices.](/microsoft-store/distribute-offline-apps) +1. Configure policies using settings from the Policy Configuration Service Provider (CSP) for [KioskBrowser](/windows/client-management/mdm/policy-csp-kioskbrowser). These settings can be configured using your MDM service provider, or [in a provisioning package](../provisioning-packages/provisioning-create-package.md). In Windows Configuration Designer, the settings are located in **Policies > KioskBrowser** when you select advanced provisioning for Windows desktop editions. >[!NOTE] >If you configure the kiosk using a provisioning package, you must apply the provisioning package after the device completes the out-of-box experience (OOBE). ### Kiosk Browser settings -Kiosk Browser settings | Use this setting to ---- | --- -Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.

For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs. -Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.

If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. -Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. -Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL. -Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. -Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. -Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. +| Kiosk Browser settings | Use this setting to | +|--|--| +| Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.

For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs. | +| Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.

If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. | +| Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. | +| Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL. | +| Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. | +| Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. | +| Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. | + +To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer: + +1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer +1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18) +1. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com) +1. Save the XML file +1. Open the project again in Windows Configuration Designer +1. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed -> [!IMPORTANT] -> To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer: -> -> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer. -> 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). -> 3. 
Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com). -> 4. Save the XML file. -> 5. Open the project again in Windows Configuration Designer. -> 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed. -> -> > [!TIP] +> > To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](/intune/custom-settings-windows-10) with the following information: +> > - OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton > - Data type: Integer > - Value: 1 - #### Rules for URLs in Kiosk Browser settings Kiosk Browser filtering rules are based on the [Chromium Project](https://www.chromium.org/Home). URLs can include: + - A valid port value from 1 to 65,535. - The path to the resource. - Query parameters. More guidelines for URLs: -- If a period precedes the host, the policy filters exact host matches only. -- You can't use user:pass fields. -- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence. -- The policy searches wildcards (*) last. -- The optional query is a set of key-value and key-only tokens delimited by '&'. -- Key-value tokens are separated by '='. -- A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching. +- If a period precedes the host, the policy filters exact host matches only +- You can't use user:pass fields +- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence +- The policy searches wildcards (*) last +- The optional query is a set of key-value and key-only tokens delimited by '&' +- Key-value tokens are separated by '=' +- A query token can optionally end with a '*' to indicate prefix match. 
Token order is ignored during matching ### Examples of blocked URLs and exceptions The following table describes the results for different combinations of blocked URLs and blocked URL exceptions. -Blocked URL rule | Block URL exception rule | Result ---- | --- | --- -`*` | `contoso.com`
`fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains. -`contoso.com` | `mail.contoso.com`
`.contoso.com`
`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain. -`youtube.com` | `youtube.com/watch?v=v1`
`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2). +| Blocked URL rule | Block URL exception rule | Result | +|--|--|--| +| `*` | `contoso.com`
`fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains. | +| `contoso.com` | `mail.contoso.com`
`.contoso.com`
`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain. | +| `youtube.com` | `youtube.com/watch?v=v1`
`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2). | -The following table gives examples for blocked URLs. +The following table gives examples for blocked URLs. - -| Entry | Result | -|--------------------------|-------------------------------------------------------------------------------| -| `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com | -| `https://*` | Blocks all HTTPS requests to any domain. | -| `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com | -| `.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. | -| `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. | -| `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. | -| `*:8080` | Blocks all requests to port 8080. | -| `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. | -| `192.168.1.2` | Blocks requests to 192.168.1.2. | -| `youtube.com/watch?v=V1` | Blocks YouTube video with id V1. | +| Entry | Result | +|--|--| +| `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com | +| `https://*` | Blocks all HTTPS requests to any domain. | +| `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com | +| `.contoso.com` | Blocks contoso.com but not its subdomains, like subdomain.contoso.com. | +| `.www.contoso.com` | Blocks www.contoso.com but not its subdomains. | +| `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. | +| `*:8080` | Blocks all requests to port 8080. | +| `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. | +| `192.168.1.2` | Blocks requests to 192.168.1.1. | +| `youtube.com/watch?v=V1` | Blocks YouTube video with id V1. 
| ### Other browsers - - You can create your own web browser Windows app by using the WebView class. Learn more about developing your own web browser app: -- [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/) + +- [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/) - [WebView class](/uwp/api/Windows.UI.Xaml.Controls.WebView) - [A web browser built with JavaScript as a Windows app](https://github.com/MicrosoftEdge/JSBrowser/tree/v1.0) - - ## Secure your information Avoid selecting Windows apps that may expose the information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access. ## App configuration -Some apps may require more configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access. +Some apps may require more configurations before they can be used appropriately in assigned access. For example, Microsoft OneNote requires you to set up a Microsoft account for the assigned access user account before OneNote will open in assigned access. -Check the guidelines published by your selected app and set up accordingly. +Check the guidelines published by your selected app and set up accordingly. ## Develop your kiosk app -Assigned access in Windows client uses the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app. 
+Assigned access in Windows client uses the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above the lock screen. The kiosk app is running as an above lock screen app. -Follow the [best practices guidance for developing a kiosk app for assigned access](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access). +Follow the [best practices guidance for developing a kiosk app for assigned access](/windows-hardware/drivers/partnerapps/create-a-kiosk-app-for-assigned-access). ## Test your assigned access experience diff --git a/windows/configuration/kiosk/images/account-management-details.PNG b/windows/configuration/kiosk/images/account-management-details.PNG new file mode 100644 index 0000000000..e4307d8f7b Binary files /dev/null and b/windows/configuration/kiosk/images/account-management-details.PNG differ diff --git a/windows/configuration/kiosk/images/add-applications-details.PNG b/windows/configuration/kiosk/images/add-applications-details.PNG new file mode 100644 index 0000000000..2efd3483ae Binary files /dev/null and b/windows/configuration/kiosk/images/add-applications-details.PNG differ diff --git a/windows/configuration/kiosk/images/add-certificates-details.PNG b/windows/configuration/kiosk/images/add-certificates-details.PNG new file mode 100644 index 0000000000..78cd783282 Binary files /dev/null and b/windows/configuration/kiosk/images/add-certificates-details.PNG differ diff --git a/windows/configuration/images/apprule.png b/windows/configuration/kiosk/images/apprule.png similarity index 100% rename from windows/configuration/images/apprule.png rename to windows/configuration/kiosk/images/apprule.png diff --git a/windows/configuration/images/appwarning.png b/windows/configuration/kiosk/images/appwarning.png similarity index 100% rename from windows/configuration/images/appwarning.png rename to windows/configuration/kiosk/images/appwarning.png 
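Review bot: In the blocked-URL examples table, the rewritten row for `192.168.1.2` now reads "Blocks requests to 192.168.1.1.", so the entry and its described effect no longer match; the removed row said 192.168.1.2. Administrators copy these rows when building Kiosk Browser block lists, so a wrong address in the reference can leave the intended host reachable on a public kiosk. The result cell should read `Blocks requests to 192.168.1.2.` as before.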
diff --git a/windows/configuration/images/aumid-file-explorer.png b/windows/configuration/kiosk/images/aumid-file-explorer.png similarity index 100% rename from windows/configuration/images/aumid-file-explorer.png rename to windows/configuration/kiosk/images/aumid-file-explorer.png diff --git a/windows/configuration/images/auto-signin.png b/windows/configuration/kiosk/images/auto-signin.png similarity index 100% rename from windows/configuration/images/auto-signin.png rename to windows/configuration/kiosk/images/auto-signin.png diff --git a/windows/configuration/images/enable-assigned-access-log.png b/windows/configuration/kiosk/images/enable-assigned-access-log.png similarity index 100% rename from windows/configuration/images/enable-assigned-access-log.png rename to windows/configuration/kiosk/images/enable-assigned-access-log.png diff --git a/windows/configuration/images/finish-details.png b/windows/configuration/kiosk/images/finish-details.png similarity index 100% rename from windows/configuration/images/finish-details.png rename to windows/configuration/kiosk/images/finish-details.png diff --git a/windows/configuration/images/genrule.png b/windows/configuration/kiosk/images/genrule.png similarity index 100% rename from windows/configuration/images/genrule.png rename to windows/configuration/kiosk/images/genrule.png diff --git a/windows/configuration/kiosk/images/kiosk-account-details.PNG b/windows/configuration/kiosk/images/kiosk-account-details.PNG new file mode 100644 index 0000000000..53c31880ea Binary files /dev/null and b/windows/configuration/kiosk/images/kiosk-account-details.PNG differ diff --git a/windows/configuration/kiosk/images/kiosk-common-details.PNG b/windows/configuration/kiosk/images/kiosk-common-details.PNG new file mode 100644 index 0000000000..5eda9b293e Binary files /dev/null and b/windows/configuration/kiosk/images/kiosk-common-details.PNG differ 
diff --git a/windows/configuration/images/kiosk-fullscreen-sm.png b/windows/configuration/kiosk/images/kiosk-fullscreen-sm.png similarity index 100% rename from windows/configuration/images/kiosk-fullscreen-sm.png rename to windows/configuration/kiosk/images/kiosk-fullscreen-sm.png diff --git a/windows/configuration/kiosk/images/kiosk-settings.PNG b/windows/configuration/kiosk/images/kiosk-settings.PNG new file mode 100644 index 0000000000..51a4338371 Binary files /dev/null and b/windows/configuration/kiosk/images/kiosk-settings.PNG differ diff --git a/windows/configuration/images/kiosk-wizard.png b/windows/configuration/kiosk/images/kiosk-wizard.png similarity index 100% rename from windows/configuration/images/kiosk-wizard.png rename to windows/configuration/kiosk/images/kiosk-wizard.png diff --git a/windows/configuration/images/lockdownapps.png b/windows/configuration/kiosk/images/lockdownapps.png similarity index 100% rename from windows/configuration/images/lockdownapps.png rename to windows/configuration/kiosk/images/lockdownapps.png diff --git a/windows/configuration/images/multiappassignedaccesssettings.png b/windows/configuration/kiosk/images/multiappassignedaccesssettings.png similarity index 100% rename from windows/configuration/images/multiappassignedaccesssettings.png rename to windows/configuration/kiosk/images/multiappassignedaccesssettings.png diff --git a/windows/configuration/images/profile-config.png b/windows/configuration/kiosk/images/profile-config.png similarity index 100% rename from windows/configuration/images/profile-config.png rename to windows/configuration/kiosk/images/profile-config.png diff --git a/windows/configuration/images/sample-start.png b/windows/configuration/kiosk/images/sample-start.png similarity index 100% rename from windows/configuration/images/sample-start.png rename to windows/configuration/kiosk/images/sample-start.png 
diff --git a/windows/configuration/images/set-assignedaccess.png b/windows/configuration/kiosk/images/set-assignedaccess.png similarity index 100% rename from windows/configuration/images/set-assignedaccess.png rename to windows/configuration/kiosk/images/set-assignedaccess.png diff --git a/windows/configuration/kiosk/images/set-up-device-details.PNG b/windows/configuration/kiosk/images/set-up-device-details.PNG new file mode 100644 index 0000000000..031dac6fe6 Binary files /dev/null and b/windows/configuration/kiosk/images/set-up-device-details.PNG differ diff --git a/windows/configuration/kiosk/images/set-up-network-details.PNG b/windows/configuration/kiosk/images/set-up-network-details.PNG new file mode 100644 index 0000000000..778b8497c4 Binary files /dev/null and b/windows/configuration/kiosk/images/set-up-network-details.PNG differ diff --git a/windows/configuration/images/slv2-oma-uri.png b/windows/configuration/kiosk/images/slv2-oma-uri.png similarity index 100% rename from windows/configuration/images/slv2-oma-uri.png rename to windows/configuration/kiosk/images/slv2-oma-uri.png diff --git a/windows/configuration/images/vm-kiosk-connect.png b/windows/configuration/kiosk/images/vm-kiosk-connect.png similarity index 100% rename from windows/configuration/images/vm-kiosk-connect.png rename to windows/configuration/kiosk/images/vm-kiosk-connect.png diff --git a/windows/configuration/images/vm-kiosk.png b/windows/configuration/kiosk/images/vm-kiosk.png similarity index 100% rename from windows/configuration/images/vm-kiosk.png rename to windows/configuration/kiosk/images/vm-kiosk.png diff --git a/windows/configuration/kiosk/kiosk-additional-reference.md b/windows/configuration/kiosk/kiosk-additional-reference.md new file mode 100644 index 0000000000..d652bf9874 --- /dev/null +++ b/windows/configuration/kiosk/kiosk-additional-reference.md 
@@ -0,0 +1,22 @@ +--- +title: More kiosk methods and reference information +description: Find more information for configuring, validating, and troubleshooting kiosk configuration. +ms.topic: reference +ms.date: 12/31/2017 +--- + +# More kiosk methods and reference information + +## In this section + +| Topic | Description | +|--|--| +| [Find the Application User Model ID of an installed app](find-the-application-user-model-id-of-an-installed-app.md) | This topic explains how to get the AUMID for an app. | +| [Validate your kiosk configuration](kiosk-validate.md) | This topic explains what to expect on a multi-app kiosk. | +| [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience. | +| [Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk. | +| [Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration. | +| [Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps. | +| [Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. | +| [Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. | +| [Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) | Tips for troubleshooting multi-app kiosk configuration. | 
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk/kiosk-mdm-bridge.md similarity index 74% rename from windows/configuration/kiosk-mdm-bridge.md rename to windows/configuration/kiosk/kiosk-mdm-bridge.md index 4b2f8a1fe8..7725923709 100644 --- a/windows/configuration/kiosk-mdm-bridge.md +++ b/windows/configuration/kiosk/kiosk-mdm-bridge.md 
@@ -1,42 +1,30 @@ --- -title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11) +title: Use MDM Bridge WMI Provider to create a Windows kiosk description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. -ms.reviewer: sybruckm -manager: aaroncz -ms.author: lizlong -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium ms.topic: article -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 1/26/2024 +zone_pivot_groups: windows-versions-11-10 +appliesto: --- # Use MDM Bridge WMI Provider to create a Windows client kiosk - -**Applies to** - -- Windows 10 Pro, Enterprise, and Education -- Windows 11 - -Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/wmisdk/wmi-start-page) can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). +Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/wmisdk/wmi-start-page) can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). Here's an example to set AssignedAccess configuration: -1. Download the [psexec tool](/sysinternals/downloads/psexec). -2. Run `psexec.exe -i -s cmd.exe`. -3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell. +1. [Download PsTools][PSTools] +1. 
Open an elevated command prompt and run: `psexec.exe -i -s powershell.exe` +1. In the PowerShell session launched by `psexec.exe`, execute the following script: -Step 4 is different for Windows 10 or Windows 11 +::: zone pivot="windows-10" -4. Execute the following script for Windows 10: - -```xml +```PowerShell $nameSpaceName="root\cimv2\mdm\dmmap" $className="MDM_AssignedAccess" $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className Add-Type -AssemblyName System.Web + $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@" @@ -90,46 +78,48 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@" Set-CimInstance -CimInstance $obj ``` -4. Execute the following script for Windows 11: - ```xml +::: zone-end + +::: zone pivot="windows-11" + + ```PowerShell $nameSpaceName="root\cimv2\mdm\dmmap" $className="MDM_AssignedAccess" $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className Add-Type -AssemblyName System.Web -$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@" +$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@" - + - + - - - - - - - - - - + + + + + + + + + - - + @@ -137,8 +127,17 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@" - + "@) Set-CimInstance -CimInstance $obj -``` \ No newline at end of file +``` + +::: zone-end + +For more information, see [Using PowerShell scripting with the WMI Bridge Provider][WIN-1]. + + + +[WIN-1]: /windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider +[PsTools]: https://download.sysinternals.com/files/PSTools.zip diff --git a/windows/configuration/kiosk/kiosk-methods.md b/windows/configuration/kiosk/kiosk-methods.md new file mode 100644 index 0000000000..6db61a28ec --- /dev/null +++ b/windows/configuration/kiosk/kiosk-methods.md 
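Review bot: The `[PsTools]` reference added at the end of the file points straight at `https://download.sysinternals.com/files/PSTools.zip`, where the removed step linked the PsExec documentation page (`/sysinternals/downloads/psexec`). The following step runs `psexec.exe -i -s powershell.exe`, which executes the downloaded binary as SYSTEM, so the procedure should have readers check it first, for example with an added step `1. Verify the signature: Get-AuthenticodeSignature .\psexec.exe`. Linking the documentation page rather than the archive would also keep the version and licence context in front of the reader. The label is spelled `[PSTools]` in the step and `[PsTools]` in the definition; reference labels normally match case-insensitively, but one spelling avoids depending on the renderer.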
@@ -0,0 +1,76 @@
+---
+title: Configure kiosks and digital signs on Windows 10/11 desktop editions
+description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions.
+ms.topic: article
+ms.date: 12/31/2017
+---
+
+# Configure kiosks and digital signs on Windows desktop editions
+
+Organization may want to set up special purpose devices, such as a device in the lobby that customers can use to view product catalogs, or a device displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use:
+
+- Single-app kiosk: runs a single Universal Windows Platform (UWP) application in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app launches automatically. If the kiosk app is closed, it will automatically restart
+- Multi-app kiosk: runs one or more applications from the desktop. People using the kiosk see a customized Start menu that shows only the apps that are allowed to execute. With this approach, you can configure a locked-down experience for different account types
+
+A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user signs in. This type of single-app kiosk doesn't run above the lock screen.
+
+A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that affects **all** non-administrator users on the device.
+
+Kiosk configurations are based on **Assigned Access**, a feature in Windows client that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user.
+
+There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions.
+
+- **Which type of app will your kiosk run?**
+ Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md)
+- **Which type of kiosk do you need?**
+ If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a Windows desktop application. For a kiosk that people can sign in to with their accounts or that runs more than one app, choose a multi-app kiosk
+- **Which edition of Windows client will the kiosk run?**
+ All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home
+- **Which type of user account will be the kiosk account?**
+ The kiosk account can be a local standard user account, a local administrator account, a domain account, or a Microsoft Entra account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method
+
+>[!IMPORTANT]
+>Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
+
+[!INCLUDE [assigned-access-kiosk-mode](../../../includes/licensing/assigned-access-kiosk-mode.md)]
+
+## Methods for a single-app kiosk running a UWP app
+
+| You can use this method | For this edition | For this kiosk account type |
+|--|--|--|
+| [Assigned access in Settings](kiosk-single-app.md) | Pro, Ent, Edu | Local standard user |
+| [Assigned access cmdlets](kiosk-single-app.md) | Pro, Ent, Edu | Local standard user |
+| [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+| [Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID |
+| [Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+
+## Methods for a single-app kiosk running a Windows desktop application
+
+| You can use this method | For this edition | For this kiosk account type |
+|--|--|--|
+| [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+| [Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID |
+| [Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+
+## Methods for a multi-app kiosk
+
+| You can use this method | For this edition | For this kiosk account type |
+|--|--|--|
+| [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+| [Microsoft Intune or other MDM](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Microsoft Entra ID |
+| [MDM WMI Bridge Provider](kiosk-mdm-bridge.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+
+## Summary of kiosk configuration methods
+
+| Method | App type | Account type | Single-app kiosk | Multi-app kiosk |
+|--|--|--|:-:|:-:|
+| [Assigned access in Settings](kiosk-single-app.md) | UWP | Local account | ✅ |
+| [Assigned access cmdlets](kiosk-single-app.md) | UWP | Local account | ✅ |
+| [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ |
+| [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ | ✅ |
+| Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Microsoft Entra ID | ✅ | ✅ |
+| [Shell Launcher](kiosk-shelllauncher.md) | Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ |
+| [MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | | ✅ |
+
+>[!NOTE]
+>For devices running Windows client Enterprise and Education, you can also use [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) or [AppLocker](lock-down-windows-10-applocker.md) to lock down a device to specific apps.
diff --git a/windows/configuration/kiosk/kiosk-policies.md b/windows/configuration/kiosk/kiosk-policies.md
new file mode 100644
index 0000000000..3ab125b892
--- /dev/null
+++ b/windows/configuration/kiosk/kiosk-policies.md
@@ -0,0 +1,98 @@ +--- +title: Policies enforced on kiosk devices +description: Learn about the policies enforced on a device when you configure it as a kiosk. +ms.topic: article +ms.date: 12/31/2017 +--- + +# Policies enforced on kiosk devices + +It isn't recommended to set policies enforced in assigned access kiosk mode to different values using other channels, as the kiosk mode has been optimized to provide a locked-down experience. + +When the assigned access kiosk configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. + +## Group Policy + +The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not. These users include local users, domain users, and Microsoft Entra users. + +| Setting | Value | +|--|--| +| Remove access to the context menus for the task bar | Enabled | +| Clear history of recently opened documents on exit | Enabled | +| Prevent users from customizing their Start Screen | Enabled | +| Prevent users from uninstalling applications from Start | Enabled | +| Remove Run menu from Start Menu | Enabled | +| Disable showing balloon notifications as toast | Enabled | +| Do not allow pinning items in Jump Lists | Enabled | +| Do not allow pinning programs to the Taskbar | Enabled | +| Do not display or track items in Jump Lists from remote locations | Enabled | +| Remove Notifications and Action Center | Enabled | +| Lock all taskbar settings | Enabled | +| Lock the Taskbar | Enabled | +| Prevent users from adding or removing toolbars | Enabled | +| Prevent users from resizing the taskbar | Enabled | +| Remove frequent programs list from the Start Menu | Enabled | +| Remove Pinned programs from the taskbar | Enabled | +| Remove the Security and Maintenance icon | Enabled | +| Turn off all balloon notifications | Enabled | +| Turn off feature advertisement balloon notifications | Enabled | 
+| Turn off toast notifications | Enabled | +| Remove Task Manager | Enabled | +| Remove Change Password option in Security Options UI | Enabled | +| Remove Sign Out option in Security Options UI | Enabled | +| Remove All Programs list from the Start Menu | Enabled - Remove and disable setting | +| Prevent access to drives from My Computer | Enabled - Restrict all drives | + +>[!NOTE] +>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics. + +## MDM policy + +Some of the MDM policies based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (that is, system-wide impact). 
+ +| Setting | Value | System-wide | +|--|--|--| +| [Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | 0 - Not allowed | Yes | +| [Start/AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes | +| Start/HidePeopleBar | 1 - True (hide) | No | +| [Start/HideChangeAccountSettings](/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) | 1 - True (hide) | Yes | +| [WindowsInkWorkspace/AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace) | 0 - Access to ink workspace is disabled and the feature is turned off | Yes | +| [Start/StartLayout](/windows/client-management/mdm/policy-csp-start#start-startlayout) | Configuration dependent | No | +| [WindowsLogon/DontDisplayNetworkSelectionUI](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | <Enabled/> | Yes | + + + diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk/kiosk-prepare.md similarity index 89% rename from windows/configuration/kiosk-prepare.md rename to windows/configuration/kiosk/kiosk-prepare.md index 05323a4d02..cf393573ad 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk/kiosk-prepare.md 
@@ -1,27 +1,12 @@ --- title: Prepare a device for kiosk configuration on Windows 10/11 | Microsoft Docs description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes. -ms.reviewer: sybruckm -manager: aaroncz -ms.author: lizlong -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium ms.topic: article -ms.technology: itpro-configure ms.date: 12/31/2017 --- # Prepare a device for kiosk configuration - -**Applies to** - -- Windows 10 Pro, Enterprise, and Education -- Windows 11 - - - ## Before you begin - [User account control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode. 
@@ -43,16 +28,14 @@ For a more secure kiosk experience, we recommend that you make the following con - **Hide update notifications**. Starting with Windows 10 version 1809, you can hide notifications from showing on the devices. To enable this feature, you have the following options: - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Display options for update notifications` - - **Use an MDM provider**: This feature uses the [Update/UpdateNotificationLevel CSP](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel). In Intune, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature. - **Use the registry**: 1. Open Registry Editor (regedit). - 2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`. - 3. Create a **New** > **DWORD (32-bit) Value**. Enter `SetUpdateNotificationLevel`, and set its value to `1`. - 4. Create a **New** > **DWORD (32-bit) Value**. Enter `UpdateNotificationLevel`. For value, you can enter: - + 1. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`. + 1. Create a **New** > **DWORD (32-bit) Value**. Enter `SetUpdateNotificationLevel`, and set its value to `1`. + 1. Create a **New** > **DWORD (32-bit) Value**. Enter `UpdateNotificationLevel`. For value, you can enter: - `1`: Hides all notifications except restart warnings. - `2`: Hides all notifications, including restart warnings. 
@@ -72,8 +55,8 @@ For a more secure kiosk experience, we recommend that you make the following con - **Replace "blue screen" with blank screen for OS errors**. To enable this feature, use the Registry Editor: 1. Open Registry Editor (regedit). - 2. Go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl`. - 3. Create a **New** > **DWORD (32-bit) Value**. Enter `DisplayDisabled`, and set its value to `1`. + 1. Go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl`. + 1. Create a **New** > **DWORD (32-bit) Value**. Enter `DisplayDisabled`, and set its value to `1`. - **Put device in "Tablet mode"**. If you want users to use the touch screen, without using a keyboard or mouse, then turn on tablet mode using the Settings app. If users won't interact with the kiosk, such as for a digital sign, then don't turn on this setting. @@ -83,12 +66,12 @@ For a more secure kiosk experience, we recommend that you make the following con - Use the **Settings** app: 1. Open the **Settings** app. - 2. Go to **System** > **Tablet mode**. - 3. Configure the settings you want. + 1. Go to **System** > **Tablet mode**. + 1. Configure the settings you want. - Use the **Action Center**: 1. On your device, swipe in from the left. - 2. Select **Tablet mode**. + 1. Select **Tablet mode**. - **Hide "Ease of access" feature on the sign-in screen**: To enable this feature, you have the following options: @@ -99,9 +82,9 @@ For a more secure kiosk experience, we recommend that you make the following con - **Use the Settings app**: 1. Open the **Settings** app. - 2. Go to **System** > **Power & Sleep** > **Additional power settings** > **Choose what the power button does**. - 3. Select **Do nothing**. - 4. **Save changes**. + 1. Go to **System** > **Power & Sleep** > **Additional power settings** > **Choose what the power button does**. + 1. Select **Do nothing**. + 1. **Save changes**. - **Use Group Policy**: Your options: 
@@ -139,10 +122,11 @@ For a more secure kiosk experience, we recommend that you make the following con - **Disable the camera**: To enable this feature, you have the following options: - - **Use the Settings app**: + - **Use the Settings app**: + 1. Open the **Settings** app. - 2. Go to **Privacy** > **Camera**. - 3. Select **Allow apps use my camera** > **Off**. + 1. Go to **Privacy** > **Camera**. + 1. Select **Allow apps use my camera** > **Off**. - **Use Group Policy**: `Computer Configuration\Administrative Templates\Windows Components\Camera: Allow use of camera`: Select **Disabled**. @@ -158,8 +142,8 @@ For a more secure kiosk experience, we recommend that you make the following con - **Use the Settings app**: 1. Open the **Settings** app. - 2. Go to **System** > **Notifications & actions**. - 3. In **Show notifications on the lock screen**, select **Off**. + 1. Go to **System** > **Notifications & actions**. + 1. In **Show notifications on the lock screen**, select **Off**. - **Use Group policy**: - `Computer Configuration\Administrative Templates\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**. 
@@ -182,27 +166,16 @@ For a more secure kiosk experience, we recommend that you make the following con - `\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**. - **Disable removable media**: To enable this feature, you have the following options: - - **Use Group policy**: `Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions`. Review the available settings that apply to your situation. - To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**. - - **Use an MDM provider**: In Intune, you have the following options: - - [General settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#general): See the **Removable storage** setting, and more settings you can manage. - - [Administrative templates](/mem/intune/configuration/administrative-templates-windows): These templates are the administrative templates used in on-premises Group Policy. Configure the following settings: - - `\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`. - To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**. - When looking at settings, check the supported OS for each setting to make sure it applies. - - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following settings: - - - `\Administrative Templates\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`. 
- + - `\Administrative Templates\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`. To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**. ## Enable logging 
@@ -219,27 +192,23 @@ You may also want to set up **automatic logon** for your kiosk device. When your > If you are using a Windows client device restriction CSP to set "Preferred Microsoft Entra tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile. > [!TIP] -> If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML. +> If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML. - -**How to edit the registry to have an account sign in automatically** +How to edit the registry to have an account sign in automatically: 1. Open Registry Editor (regedit.exe). > [!NOTE] > If you are not familiar with Registry Editor, [learn how to modify the Windows registry](/troubleshoot/windows-server/performance/windows-registry-advanced-users). - - -2. Go to - **HKEY\_LOCAL\_MACHINE\SOFTWARE\\Microsoft\Windows NT\CurrentVersion\Winlogon** +1. Go to -3. Set the values for the following keys. + **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon** + +1. Set the values for the following keys. - *AutoAdminLogon*: set value as **1**. - - *DefaultUserName*: set value as the account that you want signed in. - - *DefaultPassword*: set value as the password for the account. > [!NOTE] 
@@ -247,7 +216,7 @@ You may also want to set up **automatic logon** for your kiosk device. When your - *DefaultDomainName*: set value for domain, only for domain accounts. For local accounts, don't add this key. -4. Close Registry Editor. The next time the computer restarts, the account will sign in automatically. +1. Close Registry Editor. The next time the computer restarts, the account will sign in automatically. > [!TIP] > You can also configure automatic sign-in [using the Autologon tool from Sysinternals](/sysinternals/downloads/autologon). 
@@ -262,27 +231,27 @@ The following table describes some features that have interoperability issues we - **Accessibility**: Assigned access doesn't change Ease of Access settings. We recommend that you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block the following key combinations that bring up accessibility features: | Key combination | Blocked behavior | - | --- | --- | + | --- | --- | | Left Alt + Left Shift + Print Screen | Open High Contrast dialog box. | | Left Alt + Left Shift + Num Lock | Open Mouse Keys dialog box. | - | Windows logo key + U | Open Ease of Access Center. | + | Windows logo key + U | Open Ease of Access Center. | - **Assigned access Windows PowerShell cmdlets**: In addition to using the Windows UI, you can use the Windows PowerShell cmdlets to set or clear assigned access. For more information, see [Assigned access Windows PowerShell reference](/powershell/module/assignedaccess/) - **Key sequences blocked by assigned access**: When in assigned access, some key combinations are blocked for assigned access users. - Alt + F4, Alt + Shift + Tab, Alt + Tab aren't blocked by Assigned Access, it's recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations. + Alt + F4, Alt + Shift + Tab, Alt + Tab aren't blocked by Assigned Access, it's recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations. Ctrl + Alt + Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in [WEKF_Settings](/windows-hardware/customize/enterprise/wekf-settings). | Key combination | Blocked behavior for assigned access users | - | --- | --- | - | Alt + Esc | Cycle through items in the reverse order from which they were opened. 
| - | Ctrl + Alt + Esc | Cycle through items in the reverse order from which they were opened. | - | Ctrl + Esc | Open the Start screen. | - | Ctrl + F4 | Close the window. | - | Ctrl + Shift + Esc | Open Task Manager. | - | Ctrl + Tab | Switch windows within the application currently open. | + | --- | --- | + | Alt + Esc | Cycle through items in the reverse order from which they were opened. | + | Ctrl + Alt + Esc | Cycle through items in the reverse order from which they were opened. | + | Ctrl + Esc | Open the Start screen. | + | Ctrl + F4 | Close the window. | + | Ctrl + ShiftEsc | Open Task Manager. | + | Ctrl + Tab | Switch windows within the application currently open. | | LaunchApp1 | Open the app that is assigned to this key. | | LaunchApp2 | Open the app that is assigned to this key. On many Microsoft keyboards, the app is Calculator. | | LaunchMail | Open the default mail client. | 
@@ -291,30 +260,22 @@ The following table describes some features that have interoperability issues we Keyboard Filter settings apply to other standard accounts. - **Key sequences blocked by [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)**: If Keyboard Filter is turned ON, then some key combinations are blocked automatically without you having to explicitly block them. For more information, see the [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter). - [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) is only available on Windows client Enterprise or Education. - - **Power button**: Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user can't turn off the device when it's in assigned access. - For more information on removing the power button or disabling the physical power button, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). - - **Unified Write Filter (UWF)**: UWFsettings apply to all users, including users with assigned access. - For more information, see [Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter). - - **WEDL_AssignedAccess class**: You can use this class to configure and manage basic lockdown features for assigned access. It's recommended to you use the Windows PowerShell cmdlets instead. - If you need to use assigned access API, see [WEDL_AssignedAccess](/windows-hardware/customize/enterprise/wedl-assignedaccess). - - **Welcome Screen**: Customizations for the Welcome screen let you personalize not only how the Welcome screen looks, but for how it functions. You can disable the power or language button, or remove all user interface elements. There are many options to make the Welcome screen your own. 
- For more information, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). +For more information, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). ## Testing your kiosk in a virtual machine (VM) Customers sometimes use virtual machines (VMs) to test configurations before deploying those configurations to physical devices. If you use a VM to test your single-app kiosk configuration, you need to know how to connect to the VM properly. -A single-app kiosk configuration runs an app above the lock screen. It doesn't work when it's accessed remotely, which includes *enhanced* sessions in Hyper-V. +A single-app kiosk configuration runs an app above the lock screen. It doesn't work when it's accessed remotely, which includes *enhanced* sessions in Hyper-V. When you connect to a VM configured as a single-app kiosk, you need a *basic* session rather than an enhanced session. In the following image, notice that **Enhanced session** isn't selected in the **View** menu; that means it's a basic session. diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk/kiosk-shelllauncher.md similarity index 69% rename from windows/configuration/kiosk-shelllauncher.md rename to windows/configuration/kiosk/kiosk-shelllauncher.md index 4bd3071b0d..0b6209673e 100644 --- a/windows/configuration/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk/kiosk-shelllauncher.md 
@@ -1,28 +1,16 @@ --- -title: Use Shell Launcher to create a Windows 10/11 kiosk (Windows 10/11) -description: Shell Launcher lets you change the default shell that launches when a user signs in to a device. -ms.reviewer: sybruckm -manager: aaroncz -ms.author: lizlong -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium -ms.topic: article -ms.technology: itpro-configure +title: Use Shell Launcher to create a kiosk experience +description: Learn how to configure Shell Launcher to change the default Windows shell when a user signs in to a device. +ms.topic: how-to ms.date: 12/31/2017 --- # Use Shell Launcher to create a Windows client kiosk - -**Applies to** -- Windows 10 Ent, Edu -- Windows 11 - -Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows client, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in Windows 10 version 1809+ / Windows 11, you can also specify a UWP app as the replacement shell. To use **Shell Launcher v2** in Windows 10 version 1809, you need to install the [KB4551853](https://support.microsoft.com/help/4551853) update. +Shell Launcher is a Windows feature that executes an application as the user interface, replacing the default Windows Explorer (`explorer.exe`). >[!NOTE] ->Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. +>Shell Launcher controls which application the user sees as the shell after sign-in. It doesn't prevent the user from accessing other desktop applications and system components. > >Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher. 
These methods include, but are not limited to: >- [Group Policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools 
@@ -31,30 +19,25 @@ Using Shell Launcher, you can configure a device that runs an application as the You can apply a custom shell through Shell Launcher [by using PowerShell](#configure-a-custom-shell-using-powershell). Starting with Windows 10 version 1803+, you can also [use mobile device management (MDM)](#configure-a-custom-shell-in-mdm) to apply a custom shell through Shell Launcher. - -## Differences between Shell Launcher v1 and Shell Launcher v2 - -Shell Launcher v1 replaces `explorer.exe`, the default shell, with `eshell.exe` which can launch a Windows desktop application. - -Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new executable file can launch a Windows desktop application or a UWP app. +Shell Launcher replaces `explorer.exe` with `customshellhost.exe`. This executable file can launch a Windows desktop application or a UWP app. In addition to allowing you to use a UWP app for your replacement shell, Shell Launcher v2 offers additional enhancements: + - You can use a custom Windows desktop application that can then launch UWP apps, such as **Settings** and **Touch Keyboard**. - From a custom UWP shell, you can launch secondary views and run on multiple monitors. -- The custom shell app runs in full screen, and can run other apps in full screen on user’s demand. +- The custom shell app runs in full screen, and can run other apps in full screen on user's demand. For sample XML configurations for the different app combinations, see [Samples for Shell Launcher v2](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2). ## Requirements >[!WARNING] ->- Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image. > ->- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. 
Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell. +>- Windows 10 doesn't support setting a custom shell prior to OOBE. If you do, you won't be able to deploy the resulting image. +>- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell. -- A domain, Microsoft Entra ID, or local user account. - -- A Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer. +- A domain, Microsoft Entra ID, or local user account. +- A Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer. [See the technical reference for the shell launcher component.](/windows-hardware/customize/enterprise/shell-launcher) 
@@ -65,23 +48,20 @@ To set a custom shell, you first turn on the Shell Launcher feature, and then yo **To turn on Shell Launcher in Windows features** 1. Go to Control Panel > **Programs and features** > **Turn Windows features on or off**. - -2. Expand **Device Lockdown**. - -2. Select **Shell Launcher** and **OK**. +1. Expand **Device Lockdown**. +1. Select **Shell Launcher** and **OK**. Alternatively, you can turn on Shell Launcher using Windows Configuration Designer in a provisioning package, using `SMISettings > ShellLauncher`, or you can use the Deployment Image Servicing and Management (DISM.exe) tool. **To turn on Shell Launcher using DISM** -1. Open a command prompt as an administrator. -2. Enter the following command. +1. Open a command prompt as an administrator. +1. Enter the following command. ``` Dism /online /Enable-Feature /all /FeatureName:Client-EmbeddedShellLauncher ``` - ## Configure a custom shell in MDM You can use XML and a [custom OMA-URI setting](#custom-oma-uri-setting) to configure Shell Launcher in MDM. 
@@ -91,37 +71,37 @@ You can use XML and a [custom OMA-URI setting](#custom-oma-uri-setting) to confi The following XML sample works for **Shell Launcher v1**: ```xml - - - - - - - + + + + + + + -``` +``` -For **Shell Launcher v2**, you can use UWP app type for `Shell` by specifying the v2 namespace, and use `v2:AppType` to specify the type, as shown in the following example. If `v2:AppType` is not specified, it implies the shell is Win32 app. +For **Shell Launcher v2**, you can use UWP app type for `Shell` by specifying the v2 namespace, and use `v2:AppType` to specify the type, as shown in the following example. If `v2:AppType` isn't specified, it implies the shell is Win32 app. ```xml - - - - - - - - - - + + + + + + + + + + -``` +``` >[!TIP] >In the XML for Shell Launcher v2, note the **AllAppsFullScreen** attribute. When set to **True**, Shell Launcher will run every app in full screen, or maximized for desktop apps. When this attribute is set to **False** or not set, only the custom shell app runs in full screen; other apps launched by the user will run in windowed mode. 
@@ -130,21 +110,21 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> ### Custom OMA-URI setting -In your MDM service, you can create a [custom OMA-URI setting](/intune/custom-settings-windows-10) to configure Shell Launcher v1 or v2. (The [XML](#xml-for-shell-launcher-configuration) that you use for your setting will determine whether you apply Shell Launcher v1 or v2.) +In your MDM service, you can create a [custom OMA-URI setting](/intune/custom-settings-windows-10) to configure Shell Launcher v1 or v1. (The [XML](#xml-for-shell-launcher-configuration) that you use for your setting determines whether you apply Shell Launcher v1 or v2.) The OMA-URI path is `./Device/Vendor/MSFT/AssignedAccess/ShellLauncher`. -For the value, you can select data type `String` and paste the desired configuration file content into the value box. If you wish to upload the xml instead of pasting the content, choose data type `String (XML file)`. +For the value, you can select data type `String` and paste the desired configuration file content into the value box. If you wish to upload the xml instead of pasting the content, choose data type `String (XML file)`. ![Screenshot of custom OMA-URI settings.](images/slv2-oma-uri.png) After you configure the profile containing the custom Shell Launcher setting, select **All Devices** or selected groups of devices to apply the profile to. Don't assign the profile to users or user groups. -## Configure a custom shell using PowerShell +## Configure a custom shell using PowerShell For scripts for Shell Launcher v2, see [Shell Launcher v2 Bridge WMI sample scripts](https://github.com/Microsoft/Windows-iotcore-samples/blob/develop/Samples/ShellLauncherV2/SampleBridgeWmiScripts/README.md). -For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. 
Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device. +For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you'll want to change the script for your purposes. Save your script with the extension.ps1, open Windows PowerShell as administrator, and run the script on the kiosk device. ```powershell # Check if shell launcher license is enabled @@ -157,29 +137,22 @@ using System.Runtime.InteropServices; static class CheckShellLauncherLicense { const int S_OK = 0; - public static bool IsShellLauncherLicenseEnabled() { int enabled = 0; - if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) { enabled = 0; } - return (enabled != 0); } - static class NativeMethods { [DllImport("Slc.dll")] internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value); } - } "@ - $type = Add-Type -TypeDefinition $source -PassThru - return $type[0]::IsShellLauncherLicenseEnabled() } @@ -200,12 +173,12 @@ $NAMESPACE = "root\standardcimv2\embedded" try { $ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" } catch [Exception] { - write-host $_.Exception.Message; + write-host $_.Exception.Message; + write-host "Make sure Shell Launcher feature is enabled" exit } - # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group. $Admins_SID = "S-1-5-32-544" @@ -218,7 +191,7 @@ function Get-UsernameSID($AccountName) { $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) return $NTUserSID.Value - + } # Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script. 
@@ -232,8 +205,7 @@ $restart_device = 1 $shutdown_device = 2 # Examples. You can change these examples to use the program that you want to use as the shell. - -# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. +# This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed. $ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device) 
@@ -259,39 +231,36 @@ Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting # Enable Shell Launcher $ShellLauncherClass.SetEnabled($TRUE) - $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() - "`nEnabled is set to " + $IsShellLauncherEnabled.Enabled # Remove the new custom shells. $ShellLauncherClass.RemoveCustomShell($Admins_SID) - $ShellLauncherClass.RemoveCustomShell($Cashier_SID) # Disable Shell Launcher $ShellLauncherClass.SetEnabled($FALSE) - $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled() - "`nEnabled is set to " + $IsShellLauncherEnabled.Enabled ``` ## default action, custom action, exit code -Shell launcher defines 4 actions to handle app exits, you can customize shell launcher and use these actions based on different exit code. -Value|Description ---- | --- -0|Restart the shell -1|Restart the device -2|Shut down the device -3|Do nothing +Shell launcher defines four actions to handle app exits, you can customize shell launcher and use these actions based on different exit code. -These action can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI. +| Value | Description | +|--|--| +| 0 | Restart the shell | +| 1 | Restart the device | +| 2 | Shut down the device | +| 3 | Do nothing | + +These actions can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI. + +To configure these actions with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most four custom actions mapping to four exit codes, and one default action for all other exit codes. 
When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommended to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2) -To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommended to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2) ``` xml diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk/kiosk-single-app.md similarity index 78% rename from windows/configuration/kiosk-single-app.md rename to windows/configuration/kiosk/kiosk-single-app.md index 0218a198e2..688758b856 100644 --- a/windows/configuration/kiosk-single-app.md +++ b/windows/configuration/kiosk/kiosk-single-app.md @@ -1,9 +1,6 @@ --- title: Set up a single-app kiosk on Windows description: A single-use device is easy to set up in Windows Pro, Enterprise, and Education editions. -ms.reviewer: sybruckm -ms.author: lizlong -author: lizgt2000 ms.topic: article ms.collection: - tier1 
@@ -11,13 +8,7 @@ ms.date: 07/12/2023 --- -# Set up a single-app kiosk on Windows 10/11 - - -**Applies to** - -- Windows 10 Pro, Enterprise, and Education -- Windows 11 +# Set up a single-app kiosk A single-app kiosk uses the Assigned Access feature to run a single app above the lock screen. When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app. 
@@ -28,30 +19,30 @@ A single-app kiosk uses the Assigned Access feature to run a single app above th > >Kiosk mode is not supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk. Apps that run in kiosk mode cannot use copy and paste. -You have several options for configuring your single-app kiosk. +You have several options for configuring your single-app kiosk. -- [Locally, in Settings](#local): The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account. +- Locally, in Settings: The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account. This option supports: - Windows 10 Pro, Enterprise, and Education - Windows 11 -- [PowerShell](#powershell): You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account. +- PowerShell: You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account. This option supports: - Windows 10 Pro, Enterprise, and Education - Windows 11 -- [The kiosk wizard in Windows Configuration Designer](#wizard): Windows Configuration Designer is a tool that produces a *provisioning package*. A provisioning package includes configuration settings that can be applied to one or more devices during the first-run experience (OOBE), or after OOBE is done (runtime). 
Using the kiosk wizard, you can also create the kiosk user account, install the kiosk app, and configure more useful settings. +- The kiosk wizard in Windows Configuration Designer: Windows Configuration Designer is a tool that produces a *provisioning package*. A provisioning package includes configuration settings that can be applied to one or more devices during the first-run experience (OOBE), or after OOBE is done (runtime). Using the kiosk wizard, you can also create the kiosk user account, install the kiosk app, and configure more useful settings. This option supports: - Windows 10 Pro version 1709+, Enterprise, and Education - Windows 11 -- [Microsoft Intune or other mobile device management (MDM) provider](#mdm): For devices managed by your organization, you can use MDM to set up a kiosk configuration. +- Microsoft Intune or other mobile device management (MDM) provider: For devices managed by your organization, you can use MDM to set up a kiosk configuration. This option supports: 
@@ -59,26 +50,27 @@ You have several options for configuring your single-app kiosk. - Windows 11 > [!TIP] -> You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile). +> You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile). + > > Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk. - - - ## Set up a kiosk in local Settings ->App type: -> - UWP -> ->OS: -> - Windows 10 Pro, Ent, Edu -> - Windows 11 -> ->Account type: -> - Local standard user +App type: -You can use **Settings** to quickly configure one or a few devices as a kiosk. +- UWP + +OS: + +- Windows 10 Pro, Ent, Edu +- Windows 11 + +Account type: + +- Local standard user + +You can use **Settings** to quickly configure one or a few devices as a kiosk. When your kiosk is a local device that isn't managed by Active Directory or Microsoft Entra ID, there is a default setting that enables automatic sign-in after a restart. That means that when the device restarts, the last signed-in user will be signed in automatically. If the last signed-in user is the kiosk account, the kiosk app will be launched automatically after the device restarts. 
@@ -92,73 +84,67 @@ When your kiosk is a local device that isn't managed by Active Directory or Micr When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows client, you create the kiosk user account at the same time. To set up assigned access in PC settings: -1. Open the **Settings** app > **Accounts**. Select **Other users** or **Family and other users**. +Open the **Settings** app > **Accounts**. Select **Other users** or **Family and other users**. -2. Select **Set up a kiosk > Assigned access**, and then select **Get started**. +1. Select **Set up a kiosk > Assigned access**, and then select **Get started**. -3. Enter a name for the new account. +1. Enter a name for the new account. >[!NOTE] >If there are any local standard user accounts on the device already, the **Create an account** page will offer the option to **Choose an existing account**. -4. Choose the app that will run when the kiosk account signs in. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). If you select **Microsoft Edge** as the kiosk app, you configure the following options: +1. Choose the app that will run when the kiosk account signs in. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). If you select **Microsoft Edge** as the kiosk app, you configure the following options: - Whether Microsoft Edge should display your website full-screen (digital sign) or with some browser controls available (public browser) - Which URL should be displayed when the kiosk accounts signs in - When Microsoft Edge should restart after a period of inactivity (if you select to run as a public browser) -5. Select **Close**. +1. Select **Close**. 
To remove assigned access, select the account tile on the **Set up a kiosk** page, and then select **Remove kiosk**. - ### Windows 10 version 1803 and earlier When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10 version 1803 and earlier, you must select an existing local standard user account. [Learn how to create a local standard user account.](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) ![The Set up assigned access page in Settings.](images/kiosk-settings.png) -**To set up assigned access in PC settings** - -1. Go to **Start** > **Settings** > **Accounts** > **Other people**. - -2. Select **Set up assigned access**. - -3. Choose an account. - -4. Choose an app. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). - -5. Close **Settings** – your choices are saved automatically, and will be applied the next time that user account signs in. +To set up assigned access in PC settings: +1. Go to **Start** > **Settings** > **Accounts** > **Other people**. +1. Select **Set up assigned access**. +1. Choose an account. +1. Choose an app. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). +1. Close **Settings** - your choices are saved automatically, and will be applied the next time that user account signs in. To remove assigned access, choose **Turn off assigned access and sign out of the selected account**. 
- - ## Set up a kiosk using Windows PowerShell - ->App type: -> - UWP -> ->OS: -> - Windows 10 Pro, Ent, Edu -> - Windows 11 -> ->Account type: -> - Local standard user +App type: + +- UWP + +OS: + +- Windows 10 Pro, Ent, Edu +- Windows 11 + +Account type: + +- Local standard user ![PowerShell windows displaying Set-AssignedAccess cmdlet.](images/set-assignedaccess.png) -You can use any of the following PowerShell cmdlets to set up assigned access on multiple devices. +You can use any of the following PowerShell cmdlets to set up assigned access on multiple devices. Before you run the cmdlet: 1. Sign in as administrator. -2. [Create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) for Assigned Access. -3. Sign in as the Assigned Access user account. -4. Install the Universal Windows app that follows the assigned access/above the lock guidelines. -5. Sign out as the Assigned Access user account. -6. Sign in as administrator. +1. [Create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) for Assigned Access. +1. Sign in as the Assigned Access user account. +1. Install the Universal Windows app that follows the assigned access/above the lock guidelines. +1. Sign out as the Assigned Access user account. +1. Sign in as administrator. To open PowerShell on Windows client, search for PowerShell, and find **Windows PowerShell Desktop app** in the results. Run PowerShell as administrator. 
@@ -168,7 +154,7 @@ To open PowerShell on Windows client, search for PowerShell, and find **Windows - **Configure assigned access by app name and user SID**: `Set-AssignedAccess -AppName -UserSID ` > [!NOTE] -> To set up assigned access using `-AppName`, the user account that you enter for assigned access must have signed in at least once. +> To set up assigned access using `-AppName`, the user account that you enter for assigned access must have signed in at least once. [Learn how to get the AUMID](./find-the-application-user-model-id-of-an-installed-app.md). 
@@ -180,32 +166,32 @@ To remove assigned access, using PowerShell, run the following cmdlet: Clear-AssignedAccess ``` - - ## Set up a kiosk using the kiosk wizard in Windows Configuration Designer ->App type: -> - UWP -> - Windows desktop application -> ->OS: -> - Windows 10 Pro version 1709+ for UWP only -> - Windows 10 Ent, Edu for UWP and Windows desktop applications -> - Windows 11 -> ->Account type: -> - Local standard user -> - Active Directory +App type: + +- UWP +- Windows desktop application + +OS: + +- Windows 10 Pro version 1709+ for UWP only +- Windows 10 Ent, Edu for UWP and Windows desktop applications +- Windows 11 + +Account type: + +- Local standard user +- Active Directory ![Kiosk wizard option in Windows Configuration Designer.](images/kiosk-wizard.png) - >[!IMPORTANT] >When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon). When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Windows desktop application. -[Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and select **Next**, configure the following settings: +[Install Windows Configuration Designer](../provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and select **Next**, configure the following settings: 1. Enable device setup: 
@@ -218,7 +204,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des - **Configure devices for shared use**: This setting optimizes Windows client for shared use scenarios, and isn't necessary for a kiosk scenario. Set this value to **No**, which may be the default. - **Remove pre-installed software**: Optional. Select **Yes** if you want to remove preinstalled software. -2. Set up the network: +1. Set up the network: :::image type="content" source="images/set-up-network-details.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type."::: @@ -228,7 +214,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des - **Network SSID**: Enter the Service Set Identifier (SSID) of the network. - **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network. -3. Enable account management: +1. Enable account management: :::image type="content" source="images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Microsoft Entra ID, or create a local admin account."::: 
@@ -244,21 +230,21 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des - **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in. -4. Add applications: +1. Add applications: :::image type="content" source="images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application that will run in kiosk mode."::: - To add applications to the devices, select **Add applications**. You can install multiple applications in a provisioning package, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md). + To add applications to the devices, select **Add applications**. You can install multiple applications in a provisioning package, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](../provisioning-packages/provision-pcs-with-apps.md). > [!WARNING] > If you select the plus button to add an application, you must enter an application for the provisioning package to validate. If you select the plus button by mistake, then: > > 1. In **Installer Path**, select any executable file. - > 2. When the **Cancel** button shows, select it. + > 1. When the **Cancel** button shows, select it. > > These steps let you complete the provisioning package without adding an application. -5. Add certificates: +1. 
Add certificates: :::image type="content" source="images/add-certificates-details.png" alt-text="In Windows Configuration Designer, add a certificate."::: @@ -267,7 +253,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des - **Certificate name**: Enter a name for the certificate. - **Certificate path**: Browse and select the certificate you want to add. -6. Configure the kiosk account, and the kiosk mode app: +1. Configure the kiosk account, and the kiosk mode app: :::image type="content" source="images/kiosk-account-details.png" alt-text="In Windows Configuration Designer, the Configure kiosk common settings button is shown when provisioning a kiosk device."::: @@ -279,7 +265,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des - **Windows desktop application**: Enter the path or filename. If the file path is in the PATH environment variable, then you can use the filename. Otherwise, the full path is required. - **Universal Windows app**: Enter the AUMID. -7. Configure kiosk common settings: +1. Configure kiosk common settings: :::image type="content" source="images/kiosk-common-details.png" alt-text="In Windows Configuration Designer, set tablet mode, configure the welcome and shutdown screens, and turn off the power timeout settings."::: @@ -289,7 +275,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des - **Customize user experience** - **Configure power settings** -8. Finish: +1. Finish: :::image type="content" source="images/finish-details.png" alt-text="In Windows Configuration Designer, protect your package with a password."::: 
@@ -298,37 +284,36 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des - **Protect your package**: Select **Yes** to password protect your provisioning package. When you apply the provisioning package to a device, you must enter this password. >[!NOTE] ->If you want to use [the advanced editor in Windows Configuration Designer](provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings** +>If you want to use [the advanced editor in Windows Configuration Designer](../provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings** >[!IMPORTANT] >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. -[Learn how to apply a provisioning package.](provisioning-packages/provisioning-apply-package.md) - - +[Learn how to apply a provisioning package.](../provisioning-packages/provisioning-apply-package.md) ## Set up a kiosk or digital sign using Microsoft Intune or other MDM service ->App type: -> - UWP -> ->OS: -> - Windows 10 Pro version 1709+, Ent, Edu -> - Windows 11 -> ->Account type: -> - Local standard user -> - Microsoft Entra ID +App type: + +- UWP + +OS: + +- Windows 10 Pro version 1709+, Ent, Edu +- Windows 11 + +Account type: + +- Local standard user +- Microsoft Entra ID Microsoft Intune and other MDM services enable kiosk configuration through the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). 
Assigned Access has a `KioskModeApp` setting. In the `KioskModeApp` setting, you enter the user account name and the [AUMID](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the app to run in kiosk mode. >[!TIP] ->A ShellLauncher node has been added to the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). +>A ShellLauncher node has been added to the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). To configure a kiosk in Microsoft Intune, see [Windows client and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For other MDM services, see the documentation for your provider. - - ## Sign out of assigned access To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the sign in screen timeout, the kiosk app relaunches. The assigned access user will remain signed in until an admin account opens **Task Manager** > **Users** and signs out the user account. diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk/kiosk-validate.md similarity index 66% rename from windows/configuration/kiosk-validate.md rename to windows/configuration/kiosk/kiosk-validate.md index 7ab28c7741..eb3259d185 100644 --- a/windows/configuration/kiosk-validate.md +++ b/windows/configuration/kiosk/kiosk-validate.md 
@@ -1,58 +1,49 @@ --- -title: Validate kiosk configuration (Windows 10/11) -description: In this article, learn what to expect on a multi-app kiosk in Windows 10/11 Pro, Enterprise, and Education. -ms.reviewer: sybruckm -manager: aaroncz -ms.author: lizlong -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium +title: Validate kiosk configuration +description: In this article, learn what to expect on a multi-app kiosk in Windows 10/11 Pro, Enterprise, and Education. + ms.topic: article -ms.technology: itpro-configure ms.date: 12/31/2017 --- # Validate kiosk configuration - -**Applies to** - -- Windows 10 Pro, Enterprise, and Education -- Windows 11 - To identify the provisioning packages applied to a device, go to **Settings** > **Accounts** > **Access work or school**, and then click **Add or remove a provisioning package**. You should see a list of packages that were applied to the device. Optionally, run Event Viewer (eventvwr.exe) and look through logs under **Applications and Services Logs** > **Microsoft** > **Windows** > **Provisioning-Diagnostics-Provider** > **Admin**. -To test the kiosk, sign in with the assigned access user account you specified in the configuration to check out the multi-app experience. +To test the kiosk, sign in with the assigned access user account you specified in the configuration to check out the multi-app experience. >[!NOTE] ->The kiosk configuration setting will take effect the next time the assigned access user signs in. If that user account is signed in when you apply the configuration, make sure the user signs out and signs back in to validate the experience. +>The kiosk configuration setting will take effect the next time the assigned access user signs in. If that user account is signed in when you apply the configuration, make sure the user signs out and signs back in to validate the experience. The following sections explain what to expect on a multi-app kiosk. 
### App launching and switching experience -In the multi-app mode, to maximize the user productivity and streamline the experience, an app will be always launched in full screen when the users click the tile on the Start. The users can minimize and close the app, but cannot resize the app window. +In the multi-app mode, to maximize the user productivity and streamline the experience, an app will be always launched in full screen when the users click the tile on the Start. The users can minimize and close the app, but cannot resize the app window. -The users can switch apps just as they do today in Windows. They can use the Task View button, Alt + Tab hotkey, and the swipe in from the left gesture to view all the open apps in task view. They can click the Windows button to show Start, from which they can open apps, and they can switch to an opened app by clicking it on the taskbar. +The users can switch apps just as they do today in Windows. They can use the Task View button, Alt + Tab hotkey, and the swipe in from the left gesture to view all the open apps in task view. They can click the Windows button to show Start, from which they can open apps, and they can switch to an opened app by clicking it on the taskbar. ### Start changes When the assigned access user signs in, you should see a restricted Start experience: -- Start gets launched in full screen and prevents the end user from accessing the desktop. -- Start shows the layout aligned with what you defined in the multi-app configuration XML. +- Start gets launched in full screen and prevents the end user from accessing the desktop. + +- Start shows the layout aligned with what you defined in the multi-app configuration XML. + - Start prevents the end user from changing the tile layout. - The user cannot resize, reposition, and unpin the tiles. - The user cannot pin additional tiles on the start. - Start hides **All Apps** list. 
-- Start hides all the folders on Start (including File Explorer, Settings, Documents, Downloads, Music, Pictures, Videos, HomeGroup, Network, and Personal folders). -- Only **User** and **Power** buttons are available. (You can control whether to show the **User/Power** buttons using [existing policies](/windows/client-management/mdm/policy-csp-start).) +- Start hides all the folders on Start (including File Explorer, Settings, Documents, Downloads, Music, Pictures, Videos, HomeGroup, Network, and Personal folders). +- Only **User** and **Power** buttons are available. (You can control whether to show the **User/Power** buttons using [existing policies](/windows/client-management/mdm/policy-csp-start).) - Start hides **Change account settings** option under **User** button. ### Taskbar changes If the applied multi-app configuration enables taskbar, when the assigned access user signs in, you should see a restricted Taskbar experience: + - Disables context menu of Start button (Quick Link) - Disables context menu of taskbar - Prevents the end user from changing the taskbar 
@@ -62,33 +53,31 @@ If the applied multi-app configuration enables taskbar, when the assigned access ### Blocked hotkeys -The multi-app mode blocks the following hotkeys, which are not relevant for the lockdown experience. +The multi-app mode blocks the following hotkeys, which are not relevant for the lockdown experience. | Hotkey | Action | | --- | --- | -| Windows logo key + A | Open Action center | -| Windows logo key + Shift + C | Open Cortana in listening mode | -| Windows logo key + D | Display and hide the desktop | -| Windows logo key + Alt + D | Display and hide the date and time on the desktop | -| Windows logo key + E | Open File Explorer | -| Windows logo key + F | Open Feedback Hub | -| Windows logo key + G | Open Game bar when a game is open | -| Windows logo key + I | Open Settings | -| Windows logo key + J | Set focus to a Windows tip when one is available. | -| Windows logo key + O | Lock device orientation | -| Windows logo key + Q | Open search | -| Windows logo key + R | Open the Run dialog box | -| Windows logo key + S | Open search | -| Windows logo key + X | Open the Quick Link menu | -| Windows logo key + comma (,) | Temporarily peek at the desktop | -| Windows logo key + Ctrl + F | Search for PCs (if you're on a network) | - - +| Windows logo key + A | Open Action center | +| Windows logo key + Shift + C | Open Cortana in listening mode | +| Windows logo key + D | Display and hide the desktop | +| Windows logo key + Alt + D | Display and hide the date and time on the desktop | +| Windows logo key + E | Open File Explorer | +| Windows logo key + F | Open Feedback Hub | +| Windows logo key + G | Open Game bar when a game is open | +| Windows logo key + I | Open Settings | +| Windows logo key + J | Set focus to a Windows tip when one is available. 
| +| Windows logo key + O | Lock device orientation | +| Windows logo key + Q | Open search | +| Windows logo key + R | Open the Run dialog box | +| Windows logo key + S | Open search | +| Windows logo key + X | Open the Quick Link menu | +| Windows logo key + comma (,) | Temporarily peek at the desktop | +| Windows logo key + Ctrl + F | Search for PCs (if you're on a network) | ### Locked-down Ctrl+Alt+Del screen -The multi-app mode removes options (e.g. **Change a password**, **Task Manager**, **Network**) in the Ctrl+Alt+Del screen to ensure the users cannot access the functionalities that are not allowed in the lockdown experience. +The multi-app mode removes options (e.g. **Change a password**, **Task Manager**, **Network**) in the Ctrl+Alt+Del screen to ensure the users cannot access the functionalities that are not allowed in the lockdown experience. ### Auto-trigger touch keyboard -In the multi-app mode, the touch keyboard will be automatically triggered when there is an input needed and no physical keyboard is attached on touch-enabled devices. You don’t need to configure any other setting to enforce this behavior. +In the multi-app mode, the touch keyboard will be automatically triggered when there is an input needed and no physical keyboard is attached on touch-enabled devices. You don't need to configure any other setting to enforce this behavior. diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk/kiosk-xml.md similarity index 99% rename from windows/configuration/kiosk-xml.md rename to windows/configuration/kiosk/kiosk-xml.md index d4525a15f4..dc2c2a62b2 100644 --- a/windows/configuration/kiosk-xml.md +++ b/windows/configuration/kiosk/kiosk-xml.md 
@@ -1,25 +1,13 @@ --- -title: Assigned Access configuration kiosk XML reference (Windows 10/11) +title: Assigned Access configuration kiosk XML reference description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10/11. -ms.reviewer: sybruckm -manager: aaroncz -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium -ms.author: lizlong + ms.topic: article -ms.technology: itpro-configure ms.date: 12/31/2017 --- # Assigned Access configuration (kiosk) XML reference - -**Applies to** - -- Windows 10 -- Windows 11 - ## Full XML sample >[!NOTE] @@ -27,7 +15,8 @@ ms.date: 12/31/2017 ```xml - @@ -60,7 +49,8 @@ ms.date: 12/31/2017 @@ -140,6 +130,7 @@ ms.date: 12/31/2017 ``` + ## Kiosk only sample XML ```xml @@ -193,7 +184,8 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom @@ -252,6 +244,7 @@ This sample demonstrates that both UWP and Win32 apps can be configured to autom ``` ## Microsoft Edge Kiosk XML Sample + ```xml - + + @@ -312,7 +306,8 @@ This sample demonstrates that only a global profile is used, with no active user @@ -336,6 +331,7 @@ This sample demonstrates that only a global profile is used, with no active user ``` Below sample shows dedicated profile and global profile mixed usage, a user would use one profile, everyone else that's non-admin will use another profile. + ```xml 
@@ -420,6 +417,7 @@ Below sample shows dedicated profile and global profile mixed usage, a user woul ``` ## Folder Access sample xml + Starting with Windows 10 version 1809 +, folder access is locked down so that when common file dialog is opened, IT Admin can specify if the user has access to the Downloads folder, or no access to any folder at all. This restriction has been redesigned for finer granularity and easier use, and is available in Windows 10 version 2009+. IT Admin now can specify user access to Downloads folder, Removable drives, or no restrictions at all. Downloads and Removable Drives can be allowed at the same time. @@ -656,7 +654,6 @@ IT Admin now can specify user access to Downloads folder, Removable drives, or n - ``` ## XSD for AssignedAccess configuration XML @@ -755,7 +752,7 @@ The following XML schema is for AssignedAccess Configuration up to Windows 10, v - + @@ -930,7 +927,7 @@ The following XML is the schema for Windows 10 version 1909+: - + diff --git a/windows/configuration/lock-down-windows-10-applocker.md b/windows/configuration/kiosk/lock-down-windows-10-applocker.md similarity index 58% rename from windows/configuration/lock-down-windows-10-applocker.md rename to windows/configuration/kiosk/lock-down-windows-10-applocker.md index 0b37ec1768..2781e1b640 100644 --- a/windows/configuration/lock-down-windows-10-applocker.md +++ b/windows/configuration/kiosk/lock-down-windows-10-applocker.md 
@@ -1,30 +1,20 @@ --- -title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps (Windows 10) -description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. -ms.reviewer: sybruckm -manager: aaroncz -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium +title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps +description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps. +appliesto: +- ✅ Windows 10 ms.date: 07/30/2018 -ms.author: lizlong ms.topic: article -ms.technology: itpro-configure --- # Use AppLocker to create a Windows 10 kiosk that runs multiple apps - -**Applies to** - -- Windows 10 - -Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier, so that users can only run a few specific apps. The result is similar to [a kiosk device](./kiosk-methods.md), but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. +Learn how to configure a device running Windows 10 Enterprise or Windows 10 Education, version 1703 and earlier, so that users can only run a few specific apps. The result is similar to [a kiosk device](./kiosk-methods.md), but with multiple apps available. For example, you might set up a library computer so that users can search the catalog and browse the Internet, but can't run any other apps or change computer settings. >[!NOTE] >For devices running Windows 10, version 1709, we recommend the [multi-app kiosk method](lock-down-windows-10-to-specific-apps.md). 
-You can restrict users to a specific set of apps on a device running Windows 10 Enterprise or Windows 10 Education by using [AppLocker](/windows/device-security/applocker/applocker-overview). AppLocker rules specify which apps are allowed to run on the device. +You can restrict users to a specific set of apps on a device running Windows 10 Enterprise or Windows 10 Education by using [AppLocker](/windows/device-security/applocker/applocker-overview). AppLocker rules specify which apps are allowed to run on the device. AppLocker rules are organized into collections based on file format. If no AppLocker rules for a specific rule collection exist, all files with that file format are allowed to run. However, when an AppLocker rule for a specific rule collection is created, only the files explicitly allowed in a rule are permitted to run. For more information, see [How AppLocker works](/windows/device-security/applocker/how-applocker-works-techref). 
@@ -34,87 +24,74 @@ This topic describes how to lock down apps on a local device. You can also use A ## Install apps - First, install the desired apps on the device for the target user account(s). This works for both Unified Windows Platform (UWP) apps and Windows desktop apps. For UWP apps, you must log on as that user for the app to install. For desktop apps, you can install an app for all users without logging on to the particular account. ## Use AppLocker to set rules for apps - After you install the desired apps, set up AppLocker rules to only allow specific apps, and block everything else. -1. Run Local Security Policy (secpol.msc) as an administrator. - -2. Go to **Security Settings** > **Application Control Policies** > **AppLocker**, and select **Configure rule enforcement**. +1. Run Local Security Policy (secpol.msc) as an administrator. +1. Go to **Security Settings** > **Application Control Policies** > **AppLocker**, and select **Configure rule enforcement**. ![configure rule enforcement.](images/apprule.png) -3. Check **Configured** under **Executable rules**, and then click **OK**. - -4. Right-click **Executable Rules** and then click **Automatically generate rules**. +1. Check **Configured** under **Executable rules**, and then click **OK**. +1. Right-click **Executable Rules** and then click **Automatically generate rules**. ![automatically generate rules.](images/genrule.png) -5. Select the folder that contains the apps that you want to permit, or select C:\\ to analyze all apps. - -6. Type a name to identify this set of rules, and then click **Next**. - -7. On the **Rule Preferences** page, click **Next**. Be patient, it might take awhile to generate the rules. - -8. On the **Review Rules** page, click **Create**. The wizard will now create a set of rules allowing the installed set of apps. - -9. Read the message and click **Yes**. +1. Select the folder that contains the apps that you want to permit, or select C:\\ to analyze all apps. +1. 
Type a name to identify this set of rules, and then click **Next**. +1. On the **Rule Preferences** page, click **Next**. Be patient, it might take awhile to generate the rules. +1. On the **Review Rules** page, click **Create**. The wizard will now create a set of rules allowing the installed set of apps. +1. Read the message and click **Yes**. ![default rules warning.](images/appwarning.png) -10. (optional) If you want a rule to apply to a specific set of users, right-click on the rule and select **Properties**. Then use the dialog to choose a different user or group of users. - -11. (optional) If rules were generated for apps that should not be run, you can delete them by right-clicking on the rule and selecting **Delete**. - -12. Before AppLocker will enforce rules, the **Application Identity** service must be turned on. To force the Application Identity service to automatically start on reset, open a command prompt and run: +1. (optional) If you want a rule to apply to a specific set of users, right-click on the rule and select **Properties**. Then use the dialog to choose a different user or group of users. +1. (optional) If rules were generated for apps that should not be run, you can delete them by right-clicking on the rule and selecting **Delete**. +1. Before AppLocker will enforce rules, the **Application Identity** service must be turned on. To force the Application Identity service to automatically start on reset, open a command prompt and run: ``` syntax sc config appidsvc start=auto ``` -13. Restart the device. +1. Restart the device. ## Other settings to lock down - In addition to specifying the apps that users can run, you should also restrict some settings and functions on the device. For a more secure experience, we recommend that you make the following configuration changes to the device: -- Remove **All apps**. +- Remove **All apps**. 
Go to **Group Policy Editor** > **User Configuration** > **Administrative Templates\\Start Menu and Taskbar\\Remove All Programs list from the Start menu**. -- Hide **Ease of access** feature on the logon screen. +- Hide **Ease of access** feature on the logon screen. Go to **Control Panel** > **Ease of Access** > **Ease of Access Center**, and turn off all accessibility tools. -- Disable the hardware power button. +- Disable the hardware power button. Go to **Power Options** > **Choose what the power button does**, change the setting to **Do nothing**, and then **Save changes**. -- Disable the camera. +- Disable the camera. Go to **Settings** > **Privacy** > **Camera**, and turn off **Let apps use my camera**. -- Turn off app notifications on the lock screen. +- Turn off app notifications on the lock screen. Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Logon\\Turn off app notifications on the lock screen**. -- Disable removable media. +- Disable removable media. Go to **Group Policy Editor** > **Computer Configuration** > **Administrative Templates\\System\\Device Installation\\Device Installation Restrictions**. Review the policy settings available in **Device Installation Restrictions** for the settings applicable to your situation. - **Note**   - To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. + **Note** - + To prevent this policy from affecting a member of the Administrators group, in **Device Installation Restrictions**, enable **Allow administrators to override Device Installation Restriction policies**. To learn more about locking down features, see [Customizations for Windows 10 Enterprise](/windows-hardware/customize/enterprise/enterprise-custom-portal). 
## Customize Start screen layout for the device (recommended) - -Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md). +Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](../start/windows-10-start-layout-options-and-policies.md). diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/kiosk/lock-down-windows-10-to-specific-apps.md similarity index 93% rename from windows/configuration/lock-down-windows-10-to-specific-apps.md rename to windows/configuration/kiosk/lock-down-windows-10-to-specific-apps.md index a32e707e87..43646ca390 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/kiosk/lock-down-windows-10-to-specific-apps.md @@ -1,15 +1,8 @@ --- title: Set up a multi-app kiosk on Windows 10 description: Learn how to configure a kiosk device running Windows 10 so that users can only run a few specific apps. -author: lizgt2000 -ms.author: lizlong -ms.reviewer: sybruckm ms.topic: how-to ms.date: 11/08/2023 -appliesto: - - ✅ Windows 10 Pro - - ✅ Windows 10 Enterprise - - ✅ Windows 10 Education --- # Set up a multi-app kiosk on Windows 10 devices 
@@ -50,8 +43,8 @@ To configure a kiosk in Microsoft Intune, see: Process: 1. [Create XML file](#create-xml-file) -2. [Add XML file to provisioning package](#add-xml) -3. [Apply provisioning package to device](#apply-ppkg) +1. [Add XML file to provisioning package](#add-xml) +1. [Apply provisioning package to device](#apply-ppkg) Watch how to use a provisioning package to configure a multi-app kiosk. 
@@ -154,7 +147,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can When the multi-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**: 1. Default rule is to allow all users to launch the signed package apps. -2. The package app blocklist is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the blocklist. This list will exclude the default allowed inbox package apps, which are critical for the system to function. It then excludes the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This blocklist will be used to prevent the user from accessing the apps that are currently available for the user but not in the allowed list. +1. The package app blocklist is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the blocklist. This list will exclude the default allowed inbox package apps, which are critical for the system to function. It then excludes the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This blocklist will be used to prevent the user from accessing the apps that are currently available for the user but not in the allowed list. > [!NOTE] > You can't manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994629(v=ws.11)#BKMK_Using_Snapins). 
Avoid creating AppLocker rules that conflict with AppLocker rules that are generated by the multi-app kiosk configuration. @@ -164,8 +157,8 @@ When the multi-app kiosk configuration is applied to a device, AppLocker rules w Here are the predefined assigned access AppLocker rules for **desktop apps**: 1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs. -2. There's a predefined inbox desktop app blocklist for the assigned access user account, and this blocklist is adjusted based on the desktop app allowlist that you defined in the multi-app configuration. -3. Enterprise-defined allowed desktop apps are added in the AppLocker allowlist. +1. There's a predefined inbox desktop app blocklist for the assigned access user account, and this blocklist is adjusted based on the desktop app allowlist that you defined in the multi-app configuration. +1. Enterprise-defined allowed desktop apps are added in the AppLocker allowlist. The following example allows Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in. 
@@ -224,17 +217,17 @@ The following example shows how to allow user access to the Downloads folder in > - `FileExplorerNamespaceRestrictions` and `AllowedNamespace:Downloads` are available in namespace `https://schemas.microsoft.com/AssignedAccess/201810/config`. > - `AllowRemovableDrives` and `NoRestriction` are defined in a new namespace `https://schemas.microsoft.com/AssignedAccess/2020/config`. -* When `FileExplorerNamespaceRestrictions` node isn't used, or used but left empty, the user won't be able to access any folder in a common dialog. For example, **Save As** in the Microsoft Edge browser. -* When Downloads is mentioned in allowed namespace, user will be able to access Downloads folder. -* When `AllowRemovableDrives` is used, user will be to access removable drives. -* When `NoRestriction` is used, no restriction will be applied to the dialog. -* `AllowRemovableDrives` and `AllowedNamespace:Downloads` can be used at the same time. +- When `FileExplorerNamespaceRestrictions` node isn't used, or used but left empty, the user won't be able to access any folder in a common dialog. For example, **Save As** in the Microsoft Edge browser. +- When Downloads is mentioned in allowed namespace, user will be able to access Downloads folder. +- When `AllowRemovableDrives` is used, user will be to access removable drives. +- When `NoRestriction` is used, no restriction will be applied to the dialog. +- `AllowRemovableDrives` and `AllowedNamespace:Downloads` can be used at the same time. ##### StartLayout After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. -The easiest way to create a customized Start layout to apply to other Windows client devices is to set up the Start screen on a test device and then export the layout. 
For detailed steps, see [Customize and export Start layout](customize-and-export-start-layout.md). +The easiest way to create a customized Start layout to apply to other Windows client devices is to set up the Start screen on a test device and then export the layout. For detailed steps, see [Customize and export Start layout](../start/customize-and-export-start-layout.md). A few things to note here: @@ -304,7 +297,7 @@ The following example hides the taskbar: ``` > [!IMPORTANT] -> The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Microsoft Entra account could potentially compromise confidential information. +> The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Microsoft Entra account could potentially compromise confidential information. #### Configs 
@@ -415,14 +408,14 @@ Group accounts are specified using ``. Nested groups aren't supported #### [Preview] Global profile -Global profile is available in Windows 10. If you want everyone who signs into a specific device to be assigned as an access user, even if there's no dedicated profile for that user. Alternatively, perhaps Assigned Access couldn't identify a profile for the user and you want to have a fallback profile. Global profile is designed for these scenarios. +Global profile is available in Windows 1. If you want everyone who signs into a specific device to be assigned as an access user, even if there's no dedicated profile for that user. Alternatively, perhaps Assigned Access couldn't identify a profile for the user and you want to have a fallback profile. Global profile is designed for these scenarios. Usage is demonstrated below, by using the new XML namespace and specifying `GlobalProfile` from that namespace. When you configure `GlobalProfile`, a non-admin account logs in, if this user doesn't have a designated profile in Assigned Access, or Assigned Access fails to determine a profile for current user, a global profile is applied for the user. > [!NOTE] > 1. `GlobalProfile` can only be a multi-app profile. -> 2. Only one `GlobalProfile` can be used in one `AssignedAccess` configuration XML. -> 3. `GlobalProfile` can be used as the only config, or it can be used along with regular user or group config. +> 1. Only one `GlobalProfile` can be used in one `AssignedAccess` configuration XML. +> 1. `GlobalProfile` can be used as the only config, or it can be used along with regular user or group config. ```xml @@ -452,7 +445,8 @@ Usage is demonstrated below, by using the new XML namespace and specifying `Glob 
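Review bot: The added sentence under `#### [Preview] Global profile` now reads `Global profile is available in Windows 1.`, where the removed line said `Windows 10.` The ordered-list renumbering (`2.`/`3.` to `1.`) seems to have also matched a version number that happened to end a sentence. The added line should read `Global profile is available in Windows 10.`, with the rest of the paragraph unchanged. The `> 1.` items in the note block of the same hunk look intentional. It would be worth searching the rest of the commit for other `10.` to `1.` substitutions that fall outside ordered lists.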
@@ -479,67 +473,67 @@ Usage is demonstrated below, by using the new XML namespace and specifying `Glob
 Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](kiosk-xml.md#xsd-for-assignedaccess-configuration-xml).
-Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md)
+Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](../provisioning-packages/provisioning-install-icd.md).
 > [!IMPORTANT]
 > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
 1. Open Windows Configuration Designer. By default: `%systemdrive%\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\ICD.exe`.
-2. Choose **Advanced provisioning**.
+1. Choose **Advanced provisioning**.
-3. Name your project, and select **Next**.
+1. Name your project, and select **Next**.
-4. Choose **All Windows desktop editions** and select **Next**.
+1. Choose **All Windows desktop editions** and select **Next**.
-5. On **New project**, select **Finish**. The workspace for your package opens.
+1. On **New project**, select **Finish**. The workspace for your package opens.
-6. Expand **Runtime settings** > **AssignedAccess** > **MultiAppAssignedAccessSettings**.
+1. Expand **Runtime settings** > **AssignedAccess** > **MultiAppAssignedAccessSettings**.
-7. In the center pane, select **Browse**. Locate and select the assigned access configuration XML file that you created.
+1. In the center pane, select **Browse**.
Locate and select the assigned access configuration XML file that you created.
 ![Screenshot of the MultiAppAssignedAccessSettings field in Windows Configuration Designer.](images/multiappassignedaccesssettings.png)
-8. _Optional: If you want to apply the provisioning package after device initial setup and there's an admin user already available on the kiosk device, skip this step._ Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
+1. _Optional: If you want to apply the provisioning package after device initial setup and there's an admin user already available on the kiosk device, skip this step._ Create an admin user account in **Runtime settings** > **Accounts** > **Users**. Provide a **UserName** and **Password**, and select **UserGroup** as **Administrators**. With this account, you can view the provisioning status and logs if needed.
-9. _Optional: If you already have a non-admin account on the kiosk device, skip this step._ Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
+1. _Optional: If you already have a non-admin account on the kiosk device, skip this step._ Create a local standard user account in **Runtime settings** > **Accounts** > **Users**. Make sure the **UserName** is the same as the account that you specify in the configuration XML. Select **UserGroup** as **Standard Users**.
-10. On the **File** menu, select **Save.**
+1. On the **File** menu, select **Save.**
-11. On the **Export** menu, select **Provisioning package**.
+1. On the **Export** menu, select **Provisioning package**.
-12.
Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
+1. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
-13. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
+1. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
 - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
 - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
-14. Select **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location.
+1. Select **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location.
 Optionally, you can select **Browse** to change the default output location.
-15. Select **Next**.
+1. Select **Next**.
-16. Select **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
+1. Select **Build** to start building the package. The provisioning package doesn't take long to build.
The project information is displayed in the build page and the progress bar indicates the build status.
 If you need to cancel the build, select **Cancel**. This action cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
-17. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
+1. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
 If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
 - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this action, select **Back** to change the output package name and path, and then select **Next** to start another build.
 - If you're done, select **Finish** to close the wizard and go back to the **Customizations Page**.
-18. Copy the provisioning package to the root directory of a USB drive.
+1. Copy the provisioning package to the root directory of a USB drive.
 ### Apply provisioning package to device
-Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime"). For more information, see [Apply a provisioning package](./provisioning-packages/provisioning-apply-package.md).
+Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime"). For more information, see [Apply a provisioning package](../provisioning-packages/provisioning-apply-package.md).
> [!NOTE]
 > If your provisioning package doesn't include the assigned access user account creation, make sure the account you specified in the multi-app configuration XML exists on the device.
diff --git a/windows/configuration/lock-down-windows-11-to-specific-apps.md b/windows/configuration/kiosk/lock-down-windows-11-to-specific-apps.md
similarity index 93%
rename from windows/configuration/lock-down-windows-11-to-specific-apps.md
rename to windows/configuration/kiosk/lock-down-windows-11-to-specific-apps.md
index ad6bdff78f..705b8f1517 100644
--- a/windows/configuration/lock-down-windows-11-to-specific-apps.md
+++ b/windows/configuration/kiosk/lock-down-windows-11-to-specific-apps.md
@@ -1,22 +1,12 @@
 ---
 title: Set up a multi-app kiosk on Windows 11
 description: Learn how to configure a kiosk device running Windows 11 so that users can only run a few specific apps.
-ms.prod: windows-client
-ms.technology: itpro-configure
-author: lizgt2000
-ms.author: lizlong
 ms.date: 05/12/2023
-manager: aaroncz
-ms.reviewer: sybruckm
-ms.localizationpriority: medium
+
 ms.topic: how-to
 ---
 # Set up a multi-app kiosk on Windows 11 devices
-**Applies to**
-
-- Windows 11 Pro, Enterprise, IoT Enterprise and Education
-
 > [!NOTE]
 > The use of multiple monitors is supported for multi-app kiosk mode in Windows 11.
@@ -36,7 +26,8 @@ See the table below for the different methods to configure a multi-app kiosk in
 |--------------------|------------|
 |[MDM WMI Bridge Provider](#configure-a-kiosk-using-wmi-bridge) | Available May 2023| - Microsoft Store. ## Provisioning packages
@@ -28,47 +15,47 @@ A provisioning package contains specific configurations/settings and assets that
 To enable adding multiple sets of settings or configurations, the configuration data used by the provisioning engine is built out of multiple configuration sources that consist of separate provisioning packages. Each provisioning package contains the provisioning data from a different source.
-A provisioning package (.ppkg) is a container for a collection of configuration settings. The package has the following format:
+A provisioning package (.ppkg) is a container for a collection of configuration settings. The package has the following format:
-- Package metadata – The metadata contains basic information about the package such as package name, description, version, ranking, and so on.
+- Package metadata - The metadata contains basic information about the package such as package name, description, version, ranking, and so on.
-- XML descriptors – Each descriptor defines a customization asset or configuration setting included in the package.
+- XML descriptors - Each descriptor defines a customization asset or configuration setting included in the package.
-- Asset payloads – The payloads of a customization asset or a configuration setting associated with an app or data asset.
+- Asset payloads - The payloads of a customization asset or a configuration setting associated with an app or data asset.
-You can use provisioning packages for runtime device provisioning by accessing the package on a removable media attached to the device, through near field communication (NFC), or by downloading from a remote source location.
+You can use provisioning packages for runtime device provisioning by accessing the package on a removable media attached to the device, through near field communication (NFC), or by downloading from a remote source location.
## Precedence for provisioning packages
 When multiple provisioning packages are available for device provisioning, the combination of package owner type and package rank level defined in the package manifest is used to resolve setting conflicts. The pre-defined package owner types are listed below in the order of lowest to highest owner type precedence:
-1. Microsoft
+1. Microsoft
-2. Silicon Vendor
+1. Silicon Vendor
-3. OEM
+1. OEM
-4. System Integrator
+1. System Integrator
-5. Mobile Operator
+1. Mobile Operator
-6. IT Admin
+1. IT Admin
-The valid value range of package rank level is 0 to 99.
+The valid value range of package rank level is 0 to 99.
-When setting conflicts are encountered, the final values provisioned on the device are determined by the owner type precedence and the rank level of the packages containing the settings. For packages with the same owner type, the package rank level determines the package from which the setting values get provisioned on the device.
+When setting conflicts are encountered, the final values provisioned on the device are determined by the owner type precedence and the rank level of the packages containing the settings. For packages with the same owner type, the package rank level determines the package from which the setting values get provisioned on the device.
 ## Windows provisioning XML
-Windows provisioning XML is the framework that allows Microsoft and OEM components to declare end-user configurable settings and the on-device infrastructure for applying the settings with minimal work by the component owner.
+Windows provisioning XML is the framework that allows Microsoft and OEM components to declare end-user configurable settings and the on-device infrastructure for applying the settings with minimal work by the component owner.
 Settings for each component can be declared within that component's package manifest file.
These declarations are turned into settings schema that are used by Windows Configuration Designer to expose the potential settings to users to create customizations in the image or in provisioning packages. Windows Configuration Designer translates the user configuration, which is declared through Windows provisioning answer file(s), into the on-device provisioning format.
-When the provisioning engine selects a configuration, the Windows provisioning XML is contained within the selected provisioning data and is passed through the configuration manager and then to the [Windows provisioning CSP](/windows/client-management/mdm/provisioning-csp). The Windows provisioning CSP then takes and applies the provisioning to the proper location for the actual component to use.
+When the provisioning engine selects a configuration, the Windows provisioning XML is contained within the selected provisioning data and is passed through the configuration manager and then to the [Windows provisioning CSP](/windows/client-management/mdm/provisioning-csp). The Windows provisioning CSP then takes and applies the provisioning to the proper location for the actual component to use.
 ## Provisioning engine
-The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10/11.
+The provisioning engine is the core component for managing provisioning and configuration at runtime in a device running Windows 10/11.
 The provisioning engine provides the following functionality:
@@ -81,22 +68,23 @@ The provisioning engine provides the following functionality:
 ## Configuration manager
-The configuration manager provides the unified way of managing Windows 10/11 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](/windows/client-management/mdm/configuration-service-provider-reference) to perform the specific management requests and settings.
+The configuration manager provides the unified way of managing Windows 10/11 devices. Configuration is mainly done through the Open Mobile Alliance (OMA) Device Management (DM) and Client Provisioning (CP) protocols. The configuration manager handles and parses these protocol requests from different channels and passes them down to [Configuration Service Providers (CSPs)](/windows/client-management/mdm/configuration-service-provider-reference) to perform the specific management requests and settings.
-The provisioning engine relies on configuration manager for all of the actual processing and application of a chosen configuration. The provisioning engine determines the stage of provisioning and, based on a set of keys, determines the set of configuration to send to the configuration manager. The configuration manager in turn parses and calls into the CSPs for the setting to be applied.
+The provisioning engine relies on configuration manager for all of the actual processing and application of a chosen configuration. The provisioning engine determines the stage of provisioning and, based on a set of keys, determines the set of configuration to send to the configuration manager. The configuration manager in turn parses and calls into the CSPs for the setting to be applied.
-Underneath the configuration manager are the CSPs.
Each section of configuration translates to a particular CSP to handle interpreting into an action on the device. Each CSP translates the instructions in the configuration and calls into the appropriate APIs and components to perform the requested provisioning actions.
+Underneath the configuration manager are the CSPs. Each section of configuration translates to a particular CSP to handle interpreting into an action on the device. Each CSP translates the instructions in the configuration and calls into the appropriate APIs and components to perform the requested provisioning actions.
 ## Policy and resource manager
-The policy, resource, and context manager components manage the enrollment and unenrollment of devices into enterprise environments. The enrollment process into an enterprise is essentially the provisioning of configuration and device management policies that the enterprise wants to enforce on the device. This is usually done through the explicit signing up of the device to an enterprise's device management server over a network connection. This provides the user with the ability to access the enterprise's resources through the device and the enterprise with a means to manage and control access and manage and control the device itself.
+The policy, resource, and context manager components manage the enrollment and unenrollment of devices into enterprise environments. The enrollment process into an enterprise is essentially the provisioning of configuration and device management policies that the enterprise wants to enforce on the device. This is usually done through the explicit signing up of the device to an enterprise's device management server over a network connection. This provides the user with the ability to access the enterprise's resources through the device and the enterprise with a means to manage and control access and manage and control the device itself.
+
+The key differences between enterprise enrollment and the configuration performed by the provisioning engine are:
-The key differences between enterprise enrollment and the configuration performed by the provisioning engine are:
 - Enrollment enforces a limited and controlled set of policies on the device that the user may not have full control over. The provisioning engine exposes a larger set of settings that configure more aspects of the device and are generally user adjustable.
 - The policy manager manages policy settings from multiple entities and performs a selection of the setting based on priority of the entities. The provisioning engine applies the settings and does not offer a means of prioritizing settings from different sources. The more specific provisioning is the last one applied and the one that is used.
 - Individual policy settings applied from different enrollment entities are stored so they can be removed later during unenrollment. This enables the user to remove enterprise policy and return the device to a state without the enterprise restrictions and any sensitive data. The provisioning engine does not maintain individual provisioning settings or a means to roll back all applied settings.
-In Windows 10, the application of policy and enrollment through provisioning is required to support cases where an enterprise or educational institution does not have a DM server for full device management. The provisioning engine supports provisioning enrollment and policy through its configuration and integrates with the existing policy and resource manager components directly or through the configuration manager.
+In Windows 10, the application of policy and enrollment through provisioning is required to support cases where an enterprise or educational institution does not have a DM server for full device management.
The provisioning engine supports provisioning enrollment and policy through its configuration and integrates with the existing policy and resource manager components directly or through the configuration manager.
 ## Triggers and stages
@@ -111,21 +99,21 @@ When a trigger occurs, provisioning is initiated for a particular provisioning s
 ## Device provisioning during OOBE
-The provisioning engine always applies provisioning packages persisted in the `C:\Recovery\Customizations` folder on the OS partition. When the provisioning engine applies provisioning packages in the `%ProgramData%\Microsoft\Provisioning` folder, certain runtime setting applications, such as the setting to install and configure Windows apps, may be extended past the OOBE pass and continually be processed in the background when the device gets to the desktop. Settings for configuring policies and certain crucial system configurations are always be completed before the first point at which they must take effect.
+The provisioning engine always applies provisioning packages persisted in the `C:\Recovery\Customizations` folder on the OS partition. When the provisioning engine applies provisioning packages in the `%ProgramData%\Microsoft\Provisioning` folder, certain runtime setting applications, such as the setting to install and configure Windows apps, may be extended past the OOBE pass and continually be processed in the background when the device gets to the desktop. Settings for configuring policies and certain crucial system configurations are always be completed before the first point at which they must take effect.
-Device users can apply a provisioning package from a remote source when the device first boots to OOBE. The device provisioning during OOBE is only triggered after the language, locale, time zone, and other settings on the first OOBE UI page are configured. When device provisioning is triggered, the provisioning UI is displayed in the OOBE page. The provisioning UI allows users to select a provisioning package acquired from a remote source, such as through NFC or a removable media.
+Device users can apply a provisioning package from a remote source when the device first boots to OOBE.
The device provisioning during OOBE is only triggered after the language, locale, time zone, and other settings on the first OOBE UI page are configured. When device provisioning is triggered, the provisioning UI is displayed in the OOBE page. The provisioning UI allows users to select a provisioning package acquired from a remote source, such as through NFC or a removable media. The following table shows how device provisioning can be initiated when a user first boots to OOBE. - | Package delivery | Initiation method | Supported device | | --- | --- | --- | | Removable media - USB drive or SD card
(Packages must be placed at media root) | Five fast taps on the Windows key to launch the provisioning UI |All Windows devices | | From an administrator device through machine-to-machine NFC or NFC tag
(The administrator device must run an app that can transfer the package over NFC) | Five fast taps on the Windows key to launch the provisioning UI | Windows IoT Core devices | - -The provisioning engine always copies the acquired provisioning packages to the `%ProgramData%\Microsoft\Provisioning` folder before processing them during OOBE. The provisioning engine always applies provisioning packages embedded in the installed Windows image during Windows Setup OOBE pass regardless of whether the package is signed and trusted. When the provisioning engine applies an encrypted provisioning package on an end-user device during OOBE, users must first provide a valid password to decrypt the package. The provisioning engine also checks whether a provisioning package is signed and trusted; if it's not, the user must provide consent before the package is applied to the device. -When the provisioning engine applies provisioning packages during OOBE, it applies only the runtime settings from the package to the device. Runtime settings can be system-wide configuration settings, including security policy, Windows app install/uninstall, network configuration, bootstrapping MDM enrollment, provisioning of file assets, account and domain configuration, Windows edition upgrade, and more. The provisioning engine also checks for the configuration settings on the device, such as region/locale or SIM card, and applies the multivariant settings with matching condition(s). + +The provisioning engine always copies the acquired provisioning packages to the `%ProgramData%\Microsoft\Provisioning` folder before processing them during OOBE. The provisioning engine always applies provisioning packages embedded in the installed Windows image during Windows Setup OOBE pass regardless of whether the package is signed and trusted. 
When the provisioning engine applies an encrypted provisioning package on an end-user device during OOBE, users must first provide a valid password to decrypt the package. The provisioning engine also checks whether a provisioning package is signed and trusted; if it's not, the user must provide consent before the package is applied to the device.
+
+When the provisioning engine applies provisioning packages during OOBE, it applies only the runtime settings from the package to the device. Runtime settings can be system-wide configuration settings, including security policy, Windows app install/uninstall, network configuration, bootstrapping MDM enrollment, provisioning of file assets, account and domain configuration, Windows edition upgrade, and more. The provisioning engine also checks for the configuration settings on the device, such as region/locale or SIM card, and applies the multivariant settings with matching condition(s).
 ## Device provisioning at runtime
@@ -141,7 +129,7 @@ When applying provisioning packages from a removable media attached to the devic
 When applying multiple provisioning packages to a device, the provisioning engine resolves settings with conflicting configuration values from different packages by evaluating the package ranking using the combination of package owner type and package rank level defined in the package metadata. A configuration setting applied from a provisioning package with the highest package ranking will be the final value applied to the device.
-After a stand-alone provisioning package is applied to the device, the package is persisted in the `%ProgramData%\Microsoft\Provisioning` folder on the device. Provisioning packages can be removed by an administrator by using the **Add or remove a provisioning package** available under **Settings** > **Accounts** > **Access work or school**.
+After a stand-alone provisioning package is applied to the device, the package is persisted in the `%ProgramData%\Microsoft\Provisioning` folder on the device. Provisioning packages can be removed by an administrator by using the **Add or remove a provisioning package** available under **Settings** > **Accounts** > **Access work or school**.
 ## Related articles
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index 2f6782646c..bfb515538f 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -1,8 +1,6 @@
 ---
 title: Install Windows Configuration Designer
 description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
-author: lizgt2000
-ms.author: lizlong
 ms.topic: article
 ms.reviewer: kevinsheehan
 ms.date: 12/31/2017
@@ -10,12 +8,6 @@ ms.date: 12/31/2017
 # Install Windows Configuration Designer, and learn about any limitations
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
 Use the Windows Configuration Designer tool to create provisioning packages to easily configure devices running Windows client. Windows Configuration Designer is primarily used by IT departments for business and educational institutions who need to provision bring-your-own-device (BYOD) and business-supplied devices.
 ## Supported platforms
@@ -49,7 +41,8 @@ On devices running Windows client, you can install [the Windows Configuration De
 ## Current Windows Configuration Designer limitations
 - When running Windows Configuration Designer on Windows releases earlier than Windows 10, version 2004 you might need to enable TLS 1.2, especially if using Bulk Enrollment Tokens. You may see the error message in the `icd.log` file: `Error: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD` For more information, see [Enable TLS 1.2 on client or server operating systems](/troubleshoot/azure/active-directory/enable-support-tls-environment#enable-tls-12-on-client-or-server-operating-systems-).
-
+
+
 - Windows Configuration Designer doesn't work properly when the Group Policy setting **Policies** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Zones: Use only machine settings** is enabled. When this policy is set, each step will display oversized buttons that fill the **Windows Configuration Designer** window. Additionally, the various options and descriptions that are normally to the right of the buttons won't be displayed because the buttons take up all of the space in the **Windows Configuration Designer** window. To resolve the problem, run Windows Configuration Designer on a device that doesn't have this policy enabled.
 - You can only run one instance of Windows Configuration Designer on your computer at a time.
@@ -63,8 +56,8 @@ On devices running Windows client, you can install [the Windows Configuration De
 - To enable the simplified authoring jscripts to work on a server SKU running Windows Configuration Designer, you must enable **Allow websites to prompt for information using scripted windows**:
 1. Open Internet Explorer.
- 2. Go to **Settings** > **Internet Options** > **Security** > **Custom level**.
- 3. Select **Allow websites to prompt for information using scripted windows** > **Enable**.
+ 1. Go to **Settings** > **Internet Options** > **Security** > **Custom level**.
+ 1. Select **Allow websites to prompt for information using scripted windows** > **Enable**.
 - If you copy a Windows Configuration Designer project from one PC to another PC, then:
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index f6bda1fbba..64da06a98c 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -1,56 +1,40 @@ --- -title: Create a provisioning package with multivariant settings (Windows 10/11) +title: Create a provisioning package with multivariant settings description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions. -ms.prod: windows-client -author: lizgt2000 ms.topic: article -ms.localizationpriority: medium -ms.reviewer: gkomatsu -manager: aaroncz -ms.author: lizlong -ms.technology: itpro-configure ms.date: 12/31/2017 --- # Create a provisioning package with multivariant settings - -**Applies to** - -- Windows 10 -- Windows 11 - - -In your organization, you might have different configuration requirements for devices that you manage. You can create separate provisioning packages for each group of devices in your organization that have different requirements. Or, you can create a multivariant provisioning package, a single provisioning package that can work for multiple conditions. For example, in a single provisioning package, you can define one set of customization settings that will apply to devices set up for French and a different set of customization settings for devices set up for Japanese. +In your organization, you might have different configuration requirements for devices that you manage. You can create separate provisioning packages for each group of devices in your organization that have different requirements. Or, you can create a multivariant provisioning package, a single provisioning package that can work for multiple conditions. For example, in a single provisioning package, you can define one set of customization settings that will apply to devices set up for French and a different set of customization settings for devices set up for Japanese. To provision multivariant settings, you use Windows Configuration Designer to create a provisioning package that contains all of the customization settings that you want to apply to any of your devices. 
Next, you manually edit the .XML file for that project to define each set of devices (a **Target**). For each **Target**, you specify at least one **Condition** with a value, which identifies the devices to receive the configuration. Finally, for each **Target**, you provide the customization settings to be applied to those devices. Let's begin by learning how to define a **Target**. - ## Define a target In the XML file, you provide an **Id**, or friendly name, for each **Target**. Each **Target** is defined by at least one **TargetState** which contains at least one **Condition**. A **Condition** element defines the matching type between the condition and the specified value. -A **Target** can have more than one **TargetState**, and a **TargetState** can have more than one **Condition**. +A **Target** can have more than one **TargetState**, and a **TargetState** can have more than one **Condition**. -![Target with multiple target states and conditions.](../images/multi-target.png) +![Target with multiple target states and conditions.](images/multi-target.png) The following information describes the logic for the target definition: - When all **Condition** elements are TRUE, **TargetState** is TRUE: - :::image type="content" source="../images/icd-multi-targetstate-true.png" alt-text="Target state is true when all conditions are true."::: + :::image type="content" source="images/icd-multi-targetstate-true.png" alt-text="Target state is true when all conditions are true."::: - If any of the **TargetState** elements is TRUE, **Target** is TRUE, and the **ID** can be used for setting customizations: - :::image type="content" source="../images/icd-multi-target-true.png" alt-text="Target is true if any target state is true"::: + :::image type="content" source="images/icd-multi-target-true.png" alt-text="Target is true if any target state is true"::: ### Conditions The following table shows the conditions supported in Windows client provisioning for a **TargetState**: - | 
Condition Name | Condition priority | Windows client for desktop editions | Value type | Value description | | --- | --- | --- | --- | --- | | MNC | P0 | Supported | Digit string | Use to target settings based on the Mobile Network Code (MNC) value. |
@@ -59,7 +43,7 @@ The following table shows the conditions supported in Windows client provisionin | PNN | P0 | Supported | String | Use to target settings based on public land mobile network (PLMN) Network Name value. | | GID1 | P0 | Supported | Digit string | Use to target settings based on the Group Identifier (level 1) value. | | ICCID | P0 | Supported | Digit string | Use to target settings based on the Integrated Circuit Card Identifier (ICCID) value. | -| Roaming | P0 | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). | +| Roaming | P0 | N/A | Boolean | Use to specify roaming. Set the value to **1** (roaming) or **0** (non-roaming). | | UICC | P0 | N/A | Enumeration | Use to specify the Universal Integrated Circuit Card (UICC) state. Set the value to one of the following:


- 0 - Empty
- 1 - Ready
- 2 - Locked | | UICCSLOT | P0 | N/A | Digit string | Use to specify the UICC slot. Set the value one of the following:


- 0 - Slot 0
- 1 - Slot 1 | | ProcessorType | P1 | Supported | String | Use to target settings based on the processor type. |
@@ -72,7 +56,6 @@ The following table shows the conditions supported in Windows client provisionin | Region | P1 | Supported | Enumeration | Use to target settings based on country/region, using the 2-digit alpha ISO code per [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2). | | Lang | P1 | Supported | Enumeration | Use to target settings based on language code, using the 2-digit [ISO 639 alpha-2 code](https://en.wikipedia.org/wiki/ISO_639). | - The matching types supported in Windows client are: | Matching type | Syntax | Example | 
@@ -80,11 +63,11 @@ The matching types supported in Windows client are: | Straight match | Matching type is specified as-is | <Condition Name="ProcessorName" Value="Barton" /> | | Regular expression (Regex) match | Matching type is prefixed by "Pattern:" | <Condition Name="ProcessorName" Value="Pattern:.*Celeron.*" /> | | Numeric range match | Matching type is prefixed by "!Range:" | <Condition Name="MNC" Value="!Range:400, 550" /> | - + ### TargetState priorities -You can define more than one **TargetState** within a provisioning package to apply settings to devices that match device conditions. When the provisioning engine evaluates each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the settings are applied, the system assigns a priority to every **TargetState**. +You can define more than one **TargetState** within a provisioning package to apply settings to devices that match device conditions. When the provisioning engine evaluates each **TargetState**, more than one **TargetState** may fit current device conditions. To determine the order in which the settings are applied, the system assigns a priority to every **TargetState**. A setting that matches a **TargetState** with a lower priority is applied before the setting that matches a **TargetState** with a higher priority. This means that a setting for the **TargetState** with the higher priority can overwrite a setting for the **TargetState** with the lower priority. 
@@ -94,13 +77,13 @@ The **TargetState** priority is assigned based on the condition's priority (see 1. A **TargetState** with P0 conditions is higher than a **TargetState** without P0 conditions. -2. A **TargetState** with both P0 and P1 conditions is higher than a **TargetState** with only P0 conditions. +1. A **TargetState** with both P0 and P1 conditions is higher than a **TargetState** with only P0 conditions. -2. A **TargetState** with a greater number of matched P0 conditions is higher than **TargetState** with fewer matched P0 conditions, regardless of the number of P1 conditions matched. +1. A **TargetState** with a greater number of matched P0 conditions is higher than **TargetState** with fewer matched P0 conditions, regardless of the number of P1 conditions matched. -2. If the number of P0 conditions matched are equivalent, then the **TargetState** with the most matched P1 conditions has higher priority. +1. If the number of P0 conditions matched are equivalent, then the **TargetState** with the most matched P1 conditions has higher priority. -3. If both P0 and P1 conditions are equally matched, then the **TargetState** with the greatest total number of matched conditions has highest priority. +1. If both P0 and P1 conditions are equally matched, then the **TargetState** with the greatest total number of matched conditions has highest priority. 
@@ -108,14 +91,13 @@ The **TargetState** priority is assigned based on the condition's priority (see Follow these steps to create a provisioning package with multivariant capabilities. - 1. Build a provisioning package and configure the customizations you want to apply during certain conditions. For more information, see [Create a provisioning package](provisioning-create-package.md). -2. After you've [configured the settings](provisioning-create-package.md#configure-settings), save the project. +1. After you've [configured the settings](provisioning-create-package.md#configure-settings), save the project. -3. Open the project folder and copy the customizations.xml file to any local location. +1. Open the project folder and copy the customizations.xml file to any local location. -4. Use an XML or text editor to open the customizations.xml file. +1. Use an XML or text editor to open the customizations.xml file. The customizations.xml file holds the package metadata (including the package owner and rank) and the settings that you configured when you created your provisioning package. The **Customizations** node of the file contains a **Common** section, which contains the customization settings. @@ -145,13 +127,15 @@ Follow these steps to create a provisioning package with multivariant capabiliti - + + ``` -5. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings. +1. Edit the customizations.xml file to create a **Targets** section to describe the conditions that will handle your multivariant settings. The following example shows the customizations.xml, which has been modified to include several conditions including **ProcessorName**, **ProcessorType**, **MCC**, and **MNC**. - + + ```XML 
@@ -194,14 +178,16 @@ Follow these steps to create a provisioning package with multivariant capabiliti - + + ``` -6. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this: +1. In the customizations.xml file, create a **Variant** section for the settings you need to customize. To do this: a. Define a child **TargetRefs** element. - - b. Within the **TargetRefs** element, define a **TargetRef** element. You can define multiple **TargetRef** elements for each **Id** that you need to apply to customized settings. + + + b. Within the **TargetRefs** element, define a **TargetRef** element. You can define multiple **TargetRef** elements for each **Id** that you need to apply to customized settings. c. Move compliant settings from the **Common** section to the **Variant** section. 
@@ -262,27 +248,27 @@ Follow these steps to create a provisioning package with multivariant capabiliti - + + ``` -7. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step. +1. Save the updated customizations.xml file and note the path to this updated file. You will need the path as one of the values for the next step. - -8. Use the [Windows Configuration Designer command-line interface](provisioning-command-line.md) to create a provisioning package using the updated customizations.xml. +1. Use the [Windows Configuration Designer command-line interface](provisioning-command-line.md) to create a provisioning package using the updated customizations.xml. For example: ``` icd.exe /Build-ProvisioningPackage /CustomizationXML:"C:\CustomProject\customizations.xml" /PackagePath:"C:\CustomProject\output.ppkg" /StoreFile:C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\Microsoft-Common-Provisioning.dat" ``` - -In this example, the **StoreFile** corresponds to the location of the settings store that will be used to create the package for the required Windows edition. + +In this example, the **StoreFile** corresponds to the location of the settings store that will be used to create the package for the required Windows edition. >[!NOTE] >The provisioning package created during this step will contain the multivariant settings. You can use this package either as a standalone package that you can apply to a Windows device or use it as the base when starting another project. - + ## Events that trigger provisioning 
@@ -291,14 +277,15 @@ When you install the multivariant provisioning package on a Windows client devic The following events trigger provisioning on Windows client devices: | Event | Windows client for desktop editions | -| --- | --- | +| --- | --- | | System boot | Supported | | Operating system update | Planned | | Package installation during device first run experience | Supported | | Detection of SIM presence or update | Supported | | Package installation at runtime | Supported | | Roaming detected | Not supported | - + + ## Related articles - [Provisioning packages for Windows client](provisioning-packages.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index aed5ec0d4a..13e86abb25 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -2,27 +2,21 @@ title: Provisioning packages overview description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do. ms.reviewer: kevinsheehan -author: lizgt2000 -ms.author: lizlong ms.topic: article ms.date: 12/31/2017 --- # Provisioning packages for Windows -**Applies to** - -- Windows 10 -- Windows 11 - -Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. When you use Windows provisioning, an IT administrator can easily specify the desired configuration and settings required to enroll the devices into management. Then, apply that configuration to target devices in a matter of minutes. It's best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. +Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. When you use Windows provisioning, an IT administrator can easily specify the desired configuration and settings required to enroll the devices into management. Then, apply that configuration to target devices in a matter of minutes. It's best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows client, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Provisioning packages are simple enough that with a short set of written instructions, a student, or non-technical employee can use them to configure their device. It can result in a significant reduction in the time required to configure multiple devices in your organization. 
- + + Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). + + +Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22).
@@ -39,21 +33,15 @@ Windows Configuration Designer is available as an [app in the Microsoft Store](h Provisioning packages let you: - Quickly configure a new device without going through the process of installing a new image. - - Save time by configuring multiple devices using one provisioning package. - - Quickly configure employee-owned devices in an organization without a mobile device management (MDM) infrastructure. - - Set up a device without the device having network connectivity. Provisioning packages can be: - Installed using removable media such as an SD card or USB flash drive. - - Attached to an email. - - Downloaded from a network share. - - Deployed in NFC tags or barcodes. ## What you can configure
@@ -64,22 +52,22 @@ The following table describes settings that you can configure using the wizards | Step | Description | Desktop wizard | Kiosk wizard | HoloLens wizard | | --- | --- | --- | --- | --- | -| Set up device | Assign device name, enter product key to upgrade Windows, configure shared use, remove pre-installed software | ✔️ | ✔️ | ✔️ | -| Set up network | Connect to a Wi-Fi network | ✔️ | ✔️ | ✔️ | -| Account management | Enroll device in Active Directory, enroll device in Microsoft Entra ID, or create a local administrator account | ✔️ | ✔️ | ✔️ | -| Bulk Enrollment in Microsoft Entra ID | Enroll device in Microsoft Entra ID using Bulk Token

[Set up Microsoft Entra join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Microsoft Entra enrollment. | ✔️ | ✔️ | ✔️ | -| Add applications | Install applications using the provisioning package. | ✔️ | ✔️ | ❌ | -| Add certificates | Include a certificate file in the provisioning package. | ✔️ | ✔️ | ✔️ | -| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✔️ | ❌ | -| Configure kiosk common settings | Set tablet mode, configure welcome and shutdown screens, turn off timeout settings | ❌ | ✔️ | ❌ | -| Developer Setup | Enable Developer Mode | ❌ | ❌ | ✔️ | +| Set up device | Assign device name, enter product key to upgrade Windows, configure shared use, remove pre-installed software | ✅ | ✅ | ✅ | +| Set up network | Connect to a Wi-Fi network | ✅ | ✅ | ✅ | +| Account management | Enroll device in Active Directory, enroll device in Microsoft Entra ID, or create a local administrator account | ✅ | ✅ | ✅ | +| Bulk Enrollment in Microsoft Entra ID | Enroll device in Microsoft Entra ID using Bulk Token

[Set up Microsoft Entra join in your organization](/azure/active-directory/active-directory-azureadjoin-setup), before you use Windows Configuration Designer wizard to configure bulk Microsoft Entra enrollment. | ✅ | ✅ | ✅ | +| Add applications | Install applications using the provisioning package. | ✅ | ✅ | ❌ | +| Add certificates | Include a certificate file in the provisioning package. | ✅ | ✅ | ✅ | +| Configure kiosk account and app | Create local account to run the kiosk mode app, specify the app to run in kiosk mode | ❌ | ✅ | ❌ | +| Configure kiosk common settings | Set tablet mode, configure welcome and shutdown screens, turn off timeout settings | ❌ | ✅ | ❌ | +| Developer Setup | Enable Developer Mode | ❌ | ❌ | ✅ | - [Instructions for the desktop wizard](provision-pcs-for-initial-deployment.md) - [Instructions for the kiosk wizard](../kiosk-single-app.md#wizard) - [Instructions for the HoloLens wizard](/hololens/hololens-provisioning#wizard) >[!NOTE] ->After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package. +>After you start a project using a Windows Configuration Designer wizard, you can switch to the advanced editor to configure additional settings in the provisioning package. ### Configuration Designer advanced editor 
@@ -102,26 +90,26 @@ For details about the settings you can customize in provisioning packages, see [ - + -WCD, simplified common provisioning scenarios. +WCD, simplified common provisioning scenarios. -:::image type="content" source="../images/icd.png" alt-text="Configuration Designer options"::: +:::image type="content" source="images/icd.png" alt-text="Configuration Designer options"::: WCD supports the following scenarios for IT administrators: -* **Simple provisioning** – Enables IT administrators to define a desired configuration in WCD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. +- **Simple provisioning** - Enables IT administrators to define a desired configuration in WCD and then apply that configuration on target devices. The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. [Learn how to use simple provisioning to configure Windows computers.](provision-pcs-for-initial-deployment.md) -* **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use WCD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. +- **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** - Allows an IT administrator to use WCD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. -* **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows devices and enroll them into mobile device management (MDM) before handing them to end users in the organization. 
IT administrators can use WCD to specify the management endpoint and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include: +- **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows devices and enroll them into mobile device management (MDM) before handing them to end users in the organization. IT administrators can use WCD to specify the management endpoint and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include: - - Microsoft Intune (certificate-based enrollment) - - AirWatch (password-string based enrollment) - - MobileIron (password-string based enrollment) - - Other MDMs (cert-based enrollment) + - Microsoft Intune (certificate-based enrollment) + - AirWatch (password-string based enrollment) + - MobileIron (password-string based enrollment) + - Other MDMs (cert-based enrollment)
diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md
index 074f0168f1..4c938d7786 100644
--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@@ -1,25 +1,13 @@ --- -title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11) +title: PowerShell cmdlets for provisioning Windows 10/11 description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices. -ms.prod: windows-client -author: lizgt2000 -ms.author: lizlong ms.topic: article -ms.localizationpriority: medium -ms.reviewer: gkomatsu -manager: aaroncz -ms.technology: itpro-configure + ms.date: 12/31/2017 --- # PowerShell cmdlets for provisioning Windows client (reference) - -**Applies to** - -- Windows 10 -- Windows 11 - Windows client includes Provisioning PowerShell cmdlets. These cmdlets make it easy to script the following functions. ## cmdlets
@@ -59,7 +47,7 @@ Windows client includes Provisioning PowerShell cmdlets. These cmdlets make it e - `Install-TrustedProvisioningCertificate ` -- **Get-TrustedProvisioningCertificate**: Lists all installed trusted provisioning certificates. Use this cmdlet to get the certificate thumbprint to use with the `Uninstall-TrustedProvisioningCertificate` cmdlet. +- **Get-TrustedProvisioningCertificate**: Lists all installed trusted provisioning certificates. Use this cmdlet to get the certificate thumbprint to use with the `Uninstall-TrustedProvisioningCertificate` cmdlet. Syntax:
@@ -74,7 +62,7 @@ Windows client includes Provisioning PowerShell cmdlets. These cmdlets make it e >[!NOTE] > You can use Get-Help to get usage help on any command. For example: `Get-Help Add-ProvisioningPackage` -Trace logs are captured when using cmdlets. The following logs are available in the logs folder after the cmdlet completes: +Trace logs are captured when using cmdlets. The following logs are available in the logs folder after the cmdlet completes: - ProvTrace.<timestamp>.ETL - ETL trace file, unfiltered - ProvTrace.<timestamp>.XML - ETL trace file converted into raw trace events, unfiltered 
@@ -86,7 +74,6 @@ Trace logs are captured when using cmdlets. The following logs are available in >[!NOTE] >When applying provisioning packages using Powershell cmdlets, the default behavior is to suppress the prompt that appears when applying an unsigned provisioning package. This is by design so that provisioning packages can be applied as part of existing scripts. - ## Related articles - [How provisioning works in Windows client](provisioning-how-it-works.md)
diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
index e766825729..199616a94e 100644
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
+++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
@@ -1,32 +1,19 @@ --- -title: Use a script to install a desktop app in provisioning packages (Windows 10/11) -description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. -ms.prod: windows-client -author: lizgt2000 -ms.author: lizlong +title: Use a script to install a desktop app in provisioning packages +description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. ms.topic: article -ms.localizationpriority: medium -ms.reviewer: gkomatsu -manager: aaroncz -ms.technology: itpro-configure ms.date: 12/31/2017 --- # Use a script to install a desktop app in provisioning packages - -**Applies to** - -- Windows 10 -- Windows 11 - This walkthrough describes how to include scripts in a Windows client provisioning package to install Win32 applications. Scripted operations other than installing apps can also be performed. However, some care is needed to avoid unintended behavior during script execution (see [Remarks](#remarks) below). ## Assemble the application assets -1. On the device where you’re authoring the package, place all of your assets in a known location. Each asset must have a unique filename, because all files will be copied to the same temp directory on the device. It’s common for many apps to have an installer called ‘install.exe’ or similar, and there may be name overlap because of that. To fix this, you can use the technique described in the next step to include a complete directory structure that is then expanded into the temp directory on the device. The most common use for this would be to include a subdirectory for each application. +1. On the device where you're authoring the package, place all of your assets in a known location. Each asset must have a unique filename, because all files will be copied to the same temp directory on the device. 
It's common for many apps to have an installer called 'install.exe' or similar, and there may be name overlap because of that. To fix this, you can use the technique described in the next step to include a complete directory structure that is then expanded into the temp directory on the device. The most common use for this would be to include a subdirectory for each application. -2. If you need to include a directory structure of files, you will need to cab the assets for easy inclusion in the provisioning packages. +1. If you need to include a directory structure of files, you'll need to cab the assets for easy inclusion in the provisioning packages. ## Cab the application assets
@@ -34,53 +21,31 @@ This walkthrough describes how to include scripts in a Windows client provisioni ```ddf ;*** MSDN Sample Source Code MakeCAB Directive file example - ; - .OPTION EXPLICIT ; Generate errors on variable typos - .set DiskDirectoryTemplate=CDROM ; All cabinets go in a single directory - .Set MaxDiskFileCount=1000; Limit file count per cabinet, so that - ; scanning is not too slow - .Set FolderSizeThreshold=200000 ; Aim for ~200K per folder - .Set CompressionType=MSZIP - ;** All files are compressed in cabinet files - .Set Cabinet=on - .Set Compress=on - ;------------------------------------------------------------------- - ;** CabinetNameTemplate = name of cab - ;** DiskDirectory1 = output directory where cab will be created - ;------------------------------------------------------------------- - .Set CabinetNameTemplate=tt.cab - .Set DiskDirectory1=. - ;------------------------------------------------------------------- - ; Replace with actual files you want to package - ;------------------------------------------------------------------- - - - - ;*** + ;*** ``` -2. Use makecab to create the cab files. +1. Use makecab to create the cab files. ```makecab Makecab -f 
@@ -90,20 +55,20 @@ This walkthrough describes how to include scripts in a Windows client provisioni Create a script to perform whatever work is needed to install the application(s). The following examples are provided to help get started authoring the orchestrator script that will execute the required installers. In practice, the orchestrator script may reference many more assets than those in these examples. -You don’t need to create an orchestrator script. You can have one command line per app. If necessary, you can create a script that logs the output per app, as mentioned below (rather than one orchestrator script for the entire provisioning package). +You don't need to create an orchestrator script. You can have one command line per app. If necessary, you can create a script that logs the output per app, as mentioned below (rather than one orchestrator script for the entire provisioning package). >[!NOTE] >All actions performed by the script must happen silently, showing no UI and requiring no user interaction. > >The scripts will be run on the device in system context. -### Debugging example +### Debugging example -Granular logging is not built in, so the logging must be built into the script itself. Here is an example script that logs ‘Hello World’ to a logfile. When run on the device, the logfile will be available after provisioning is completed. As you will see in the following examples, it’s recommended that you log each action that your script performs. +Granular logging isn't built in, so the logging must be built into the script itself. Here's an example script that logs 'Hello World' to a logfile. When run on the device, the logfile will be available after provisioning is completed. As you'll see in the following examples, it's recommended that you log each action that your script performs. ```log set LOGFILE=%SystemDrive%\HelloWorld.log -echo Hello, World >> %LOGFILE% +echo Hello, World >> %LOGFILE% ``` ### .exe example 
@@ -160,17 +125,15 @@ echo result: %ERRORLEVEL% >> %LOGFILE% Your provisioning package can include multiple **CommandFiles**. -You are allowed one **CommandLine** per provisioning package. The batch files shown above are orchestrator scripts that manage the installation and call any other scripts included in the provisioning package. The orchestrator script is what should be invoked from the **CommandLine** specified in the package. - -Here’s a table describing this relationship, using the PowerShell example from above: - +You're allowed one **CommandLine** per provisioning package. The batch files shown above are orchestrator scripts that manage the installation and call any other scripts included in the provisioning package. The orchestrator script is what should be invoked from the **CommandLine** specified in the package. +Here's a table describing this relationship, using the PowerShell example from above: |ICD Setting | Value | Description | | --- | --- | --- | | ProvisioningCommands/DeviceContext/CommandLine | cmd /c PowerShell_Example.bat | The command line needed to invoke the orchestrator script. | | ProvisioningCommands/DeviceContext/CommandFiles | PowerShell_Example.bat | The single orchestrator script referenced by the command line that handles calling into the required installers or performing any other actions such as expanding cab files. This script must do the required logging. | -| ProvisioningCommands/DeviceContext/CommandFiles | my_powershell_script.ps1 | Other assets referenced by the orchestrator script. In this example, there is only one, but there could be many assets referenced here. One common use case is using the orchestrator to call a series of install.exe or setup.exe installers to install several applications. Each of those installers must be included as an asset here. | +| ProvisioningCommands/DeviceContext/CommandFiles | my_powershell_script.ps1 | Other assets referenced by the orchestrator script. 
In this example, there's only one, but there could be many assets referenced here. One common use case is using the orchestrator to call a series of install.exe or setup.exe installers to install several applications. Each of those installers must be included as an asset here. | ### Add script to provisioning package 
@@ -184,40 +147,41 @@ cmd /c InstallMyApp.bat In Windows Configuration Designer, this looks like: -![Command line in Selected customizations.](../images/icd-script1.png) +![Command line in Selected customizations.](images/icd-script1.png) You also need to add the relevant assets for that command line including the orchestrator script and any other assets it references such as installers or .cab files. In Windows Configuration Designer, that is done by adding files under the `ProvisioningCommands/DeviceContext/CommandFiles` setting. -![Command files in Selected customizations.](../images/icd-script2.png) - -When you are done, [build the package](provisioning-create-package.md#build-package). - +![Command files in Selected customizations.](images/icd-script2.png) +When you're done, [build the package](provisioning-create-package.md#build-package). ### Remarks -1. No user interaction or console output is supported via ProvisioningCommands. All work needs to be silent. If your script attempts to do any of the following it will cause undefined behavior, and could put the device in an unrecoverable state if executed during setup or the Out of Box Experience: - a. Echo to console - b. Display anything on the screen - c. Prompt the user with a dialog or install wizard -2. When applied at first boot, provisioning runs early in the boot sequence and before a user context has been established; care must be taken to only include installers that can run at this time. Other installers can be provisioned via a management tool. -3. If the device is put into an unrecoverable state because of a bad script, you can reset it using [recovery options in Windows client](https://support.microsoft.com/help/12415/windows-10-recovery-options). -4. The CommandFile assets are deployed on the device to a temporary folder unique to each package. +1. No user interaction or console output is supported via ProvisioningCommands. All work needs to be silent. 
If your script attempts to do any of the following it causes undefined behavior, and could put the device in an unrecoverable state if executed during setup or the Out of Box Experience: + + 1. Echo to console + 1. Display anything on the screen + 1. Prompt the user with a dialog or install wizard + +1. When applied at first boot, provisioning runs early in the boot sequence and before a user context has been established; care must be taken to only include installers that can run at this time. Other installers can be provisioned via a management tool. +1. If the device is put into an unrecoverable state because of a bad script, you can reset it using [recovery options in Windows client](https://support.microsoft.com/help/12415/windows-10-recovery-options). +1. The CommandFile assets are deployed on the device to a temporary folder unique to each package. 1. For packages added during the out of box experience, this is usually in `%WINDIR%\system32\config\systemprofile\appdata\local\Temp\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0` The `0` after `Commands\` refers to the installation order and indicates the first app to be installed. The number will increment for each app in the package. - 2. For packages added by double-clicking on an already deployed device, this will be in the temp folder for the user executing the provisioning package: `%TMP%\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0` + 1. For packages added by double-clicking on an already deployed device, this will be in the temp folder for the user executing the provisioning package: `%TMP%\ProvisioningPkgTmp\<{PackageIdGuid}>\Commands\0` -5. The command line will be executed with the directory the CommandFiles were deployed to as the working directory. This means you do not need to specific the full path to assets in the command line or from within any script. -6. 
The runtime provisioning component will attempt to run the scripts from the provisioning package at the earliest point possible, depending on the stage when the PPKG was added. For example, if the package was added during the Out-of-Box Experience, it will be run immediately after the package is applied, while the out of box experience is still happening. This is before the user account configuration options are presented to the user. A spinning progress dialog will appear and “please wait” will be displayed on the screen. +1. The command line will be executed with the directory the CommandFiles were deployed to as the working directory. This means you do not need to specific the full path to assets in the command line or from within any script. +1. The runtime provisioning component will attempt to run the scripts from the provisioning package at the earliest point possible, depending on the stage when the PPKG was added. For example, if the package was added during the Out-of-Box Experience, it will be run immediately after the package is applied, while the out of box experience is still happening. This is before the user account configuration options are presented to the user. A spinning progress dialog will appear and "please wait" will be displayed on the screen. >[!NOTE] - >There is a timeout of 30 minutes for the provisioning process at this point. All scripts and installs need to complete within this time. -7. The scripts are executed in the background as the rest of provisioning continues to run. For packages added on existing systems using the double-click to install, there is no notification that provisioning or script execution has completed + >There is a timeout of 30 minutes for the provisioning process at this point. All scripts and installs need to complete within this time. + +1. The scripts are executed in the background as the rest of provisioning continues to run. 
For packages added on existing systems using the double-click to install, there's no notification that provisioning or script execution has completed ## Related articles @@ -231,5 +195,3 @@ When you are done, [build the package](provisioning-create-package.md#build-pack - [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) - [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) - [Create a provisioning package with multivariant settings](provisioning-multivariant.md) - - diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md index 1ae2f42140..9a75ffc29b 100644 --- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md +++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md 
@@ -1,90 +1,58 @@ --- -title: Uninstall a provisioning package - reverted settings (Windows 10/11) +title: Uninstall a provisioning package - reverted settings description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices. -ms.prod: windows-client -author: lizgt2000 -ms.author: lizlong ms.topic: article -ms.localizationpriority: medium -ms.reviewer: gkomatsu -manager: aaroncz -ms.technology: itpro-configure ms.date: 12/31/2017 --- # Settings changed when you uninstall a provisioning package - -**Applies to** - -- Windows 10 -- Windows 11 - When you uninstall a provisioning package, only certain settings are revertible. This article lists the settings that are reverted when you uninstall a provisioning package. - As an administrator, you can uninstall by using the **Add or remove a package for work or school** option available under **Settings** > **Accounts** > **Access work or school**. -When a provisioning package is uninstalled, some of its settings are reverted, which means the value for the setting is changed to the next available or default value. Not all settings, however, are revertible. +When a provisioning package is uninstalled, some of its settings are reverted, which means the value for the setting is changed to the next available or default value. Not all settings, however, are revertible. -Only settings in the following lists are revertible. +Only settings in the following lists are revertible. ## Registry-based settings -The registry-based settings that are revertible when a provisioning package is uninstalled all fall under these categories, which you can find in the Windows Configuration Designer. - +The registry-based settings that are revertible when a provisioning package is uninstalled all fall under these categories, which you can find in the Windows Configuration Designer. 
- [Wi-Fi Sense](../wcd/wcd-connectivityprofiles.md#wifisense) - [CountryAndRegion](../wcd/wcd-countryandregion.md) - DeviceManagement / PGList/ LogicalProxyName - UniversalAppInstall / LaunchAppAtLogin - [Power](/previous-versions//dn953704(v=vs.85)) -- [TabletMode](../wcd/wcd-tabletmode.md) -- [Maps](../wcd/wcd-maps.md) +- [TabletMode](../wcd/wcd-tabletmode.md) +- [Maps](../wcd/wcd-maps.md) - [Browser](../wcd/wcd-browser.md) -- [DeviceFormFactor](../wcd/wcd-deviceformfactor.md) -- [USBErrorsOEMOverride](/previous-versions/windows/hardware/previsioning-framework/mt769908(v=vs.85)) -- [WeakCharger](../wcd/wcd-weakcharger.md) - - +- [DeviceFormFactor](../wcd/wcd-deviceformfactor.md) +- [USBErrorsOEMOverride](/previous-versions/windows/hardware/previsioning-framework/mt769908(v=vs.85)) +- [WeakCharger](../wcd/wcd-weakcharger.md) ## CSP-based settings -Here is the list of revertible settings based on configuration service providers (CSPs). +Here is the list of revertible settings based on configuration service providers (CSPs). 
-[ActiveSync CSP](/windows/client-management/mdm/activesync-csp) -[AppLocker CSP](/windows/client-management/mdm/applocker-csp) -[BrowserFavorite CSP](/windows/client-management/mdm/browserfavorite-csp) -[CertificateStore CSP](/windows/client-management/mdm/certificatestore-csp) -[ClientCertificateInstall CSP](/windows/client-management/mdm/clientcertificateinstall-csp) -[RootCATrustedCertificates CSP](/windows/client-management/mdm/rootcacertificates-csp) -[CM_CellularEntries CSP](/windows/client-management/mdm/cm-cellularentries-csp) -[CM_ProxyEntries CSP](/windows/client-management/mdm/cm-proxyentries-csp) -[CMPolicy CSP](/windows/client-management/mdm/cmpolicy-csp) -[CMPolicyEnterprise CSP](/windows/client-management/mdm/cmpolicyenterprise-csp) -[EMAIL2 CSP](/windows/client-management/mdm/email2-csp) -[EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp) -[EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp) -[EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp) -[NAP CSP](/windows/client-management/mdm/nap-csp) -[PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp) -[Provisioning CSP](/windows/client-management/mdm/provisioning-csp) -[SecureAssessment CSP](/windows/client-management/mdm/secureassessment-csp) -[VPN CSP](/windows/client-management/mdm/vpn-csp) -[VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) -[WiFi CSP](/windows/client-management/mdm/wifi-csp) - - - -## Related articles - -- [Provisioning packages for Windows client](provisioning-packages.md) -- [How provisioning works in Windows client](provisioning-how-it-works.md) -- [Install Windows Configuration Designer](provisioning-install-icd.md) -- [Create a provisioning package](provisioning-create-package.md) -- [Apply a provisioning package](provisioning-apply-package.md) -- [Provision PCs with common settings for initial deployment (simple 
provisioning)](provision-pcs-for-initial-deployment.md) -- [Use a script to install a desktop app in provisioning packages](provisioning-script-to-install-app.md) -- [PowerShell cmdlets for provisioning Windows client (reference)](provisioning-powershell.md) -- [Windows Configuration Designer command-line interface (reference)](provisioning-command-line.md) -- [Create a provisioning package with multivariant settings](provisioning-multivariant.md) +[ActiveSync CSP](/windows/client-management/mdm/activesync-csp) +[AppLocker CSP](/windows/client-management/mdm/applocker-csp) +[BrowserFavorite CSP](/windows/client-management/mdm/browserfavorite-csp) +[CertificateStore CSP](/windows/client-management/mdm/certificatestore-csp) +[ClientCertificateInstall CSP](/windows/client-management/mdm/clientcertificateinstall-csp) +[RootCATrustedCertificates CSP](/windows/client-management/mdm/rootcacertificates-csp) +[CM_CellularEntries CSP](/windows/client-management/mdm/cm-cellularentries-csp) +[CM_ProxyEntries CSP](/windows/client-management/mdm/cm-proxyentries-csp) +[CMPolicy CSP](/windows/client-management/mdm/cmpolicy-csp) +[CMPolicyEnterprise CSP](/windows/client-management/mdm/cmpolicyenterprise-csp) +[EMAIL2 CSP](/windows/client-management/mdm/email2-csp) +[EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp) +[EnterpriseDesktopAppManagement CSP](/windows/client-management/mdm/enterprisedesktopappmanagement-csp) +[EnterpriseModernAppManagement CSP](/windows/client-management/mdm/enterprisemodernappmanagement-csp) +[NAP CSP](/windows/client-management/mdm/nap-csp) +[PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp) +[Provisioning CSP](/windows/client-management/mdm/provisioning-csp) +[SecureAssessment CSP](/windows/client-management/mdm/secureassessment-csp) +[VPN CSP](/windows/client-management/mdm/vpn-csp) +[VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) +[WiFi CSP](/windows/client-management/mdm/wifi-csp) 
diff --git a/windows/configuration/provisioning-packages/toc.yml b/windows/configuration/provisioning-packages/toc.yml
new file mode 100644
index 0000000000..818ccc679e
--- /dev/null
+++ b/windows/configuration/provisioning-packages/toc.yml
@@ -0,0 +1,29 @@
+items:
+ - name: Provisioning packages for Windows client
+ href: provisioning-packages.md
+ - name: How provisioning works in Windows client
+ href: provisioning-how-it-works.md
+ - name: Introduction to configuration service providers (CSPs)
+ href: how-it-pros-can-use-configuration-service-providers.md
+ - name: Install Windows Configuration Designer
+ href: provisioning-install-icd.md
+ - name: Create a provisioning package
+ href: provisioning-create-package.md
+ - name: Apply a provisioning package
+ href: provisioning-apply-package.md
+ - name: Settings changed when you uninstall a provisioning package
+ href: provisioning-uninstall-package.md
+ - name: Provision PCs with common settings for initial deployment (desktop wizard)
+ href: provision-pcs-for-initial-deployment.md
+ - name: Provision PCs with apps
+ href: provision-pcs-with-apps.md
+ - name: Use a script to install a desktop app in provisioning packages
+ href: provisioning-script-to-install-app.md
+ - name: Create a provisioning package with multivariant settings
+ href: provisioning-multivariant.md
+ - name: PowerShell cmdlets for provisioning Windows client (reference)
+ href: provisioning-powershell.md
+ - name: Diagnose provisioning packages
+ href: diagnose-provisioning-packages.md
+ - name: Windows Configuration Designer command-line interface (reference)
+ href: provisioning-command-line.md
\ No newline at end of file
diff --git a/windows/configuration/shared-pc/images/intune.svg b/windows/configuration/shared-pc/images/intune.svg
new file mode 100644
index 0000000000..6e0d938aed
--- /dev/null
+++ b/windows/configuration/shared-pc/images/intune.svg
@@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + Icon-intune-329 + + + + + + + + \ No newline at end of file diff --git a/windows/configuration/shared-pc/images/powershell.svg b/windows/configuration/shared-pc/images/powershell.svg new file mode 100644 index 0000000000..ab2d5152ca --- /dev/null +++ b/windows/configuration/shared-pc/images/powershell.svg @@ -0,0 +1,20 @@ + + + + + + + + + + MsPortalFx.base.images-10 + + + + + + + + + + \ No newline at end of file diff --git a/windows/configuration/shared-pc/images/provisioning-package.svg b/windows/configuration/shared-pc/images/provisioning-package.svg new file mode 100644 index 0000000000..dbbad7d780 --- /dev/null +++ b/windows/configuration/shared-pc/images/provisioning-package.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/windows/configuration/images/shared-pc-intune.png b/windows/configuration/shared-pc/images/shared-pc-intune.png similarity index 100% rename from windows/configuration/images/shared-pc-intune.png rename to windows/configuration/shared-pc/images/shared-pc-intune.png diff --git a/windows/configuration/images/shared-pc-wcd.png b/windows/configuration/shared-pc/images/shared-pc-wcd.png similarity index 100% rename from windows/configuration/images/shared-pc-wcd.png rename to windows/configuration/shared-pc/images/shared-pc-wcd.png diff --git a/windows/configuration/images/sharedpc-guest-win11.png b/windows/configuration/shared-pc/images/sharedpc-guest-win11.png similarity index 100% rename from windows/configuration/images/sharedpc-guest-win11.png rename to windows/configuration/shared-pc/images/sharedpc-guest-win11.png diff --git a/windows/configuration/images/sharedpc-kiosk-win11se.png b/windows/configuration/shared-pc/images/sharedpc-kiosk-win11se.png similarity index 100% rename from windows/configuration/images/sharedpc-kiosk-win11se.png rename to windows/configuration/shared-pc/images/sharedpc-kiosk-win11se.png 
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/shared-pc/set-up-shared-or-guest-pc.md similarity index 93% rename from windows/configuration/set-up-shared-or-guest-pc.md rename to windows/configuration/shared-pc/set-up-shared-or-guest-pc.md index 37d205a15f..10db6ae8f9 100644 --- a/windows/configuration/set-up-shared-or-guest-pc.md +++ b/windows/configuration/shared-pc/set-up-shared-or-guest-pc.md @@ -2,15 +2,7 @@ title: Set up a shared or guest Windows device description: Description of how to configured Shared PC mode, which is a Windows feature that optimizes devices for shared use scenarios. ms.date: 11/08/2023 -ms.prod: windows-client -ms.technology: itpro-configure ms.topic: how-to -author: paolomatarazzo -ms.author: paoloma -appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows 11 SE --- # Set up a shared or guest Windows device 
@@ -33,17 +25,17 @@ Shared PC can be configured using the following methods: Follow the instructions below to configure your devices, selecting the option that best suits your needs. -#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) +#### [:::image type="icon" source="images/intune.svg"::: **Intune**](#tab/intune) To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Shared PC`**: -:::image type="content" source="./images/shared-pc-intune.png" alt-text="Screenshot that shows the Shared PC policies in the Intune settings catalog." lightbox="./images/shared-pc-intune.png" border="True"::: +:::image type="content" source="images/shared-pc-intune.png" alt-text="Screenshot that shows the Shared PC policies in the Intune settings catalog." lightbox="images/shared-pc-intune.png" border="True"::: Assign the policy to a security group that contains as members the devices or users that you want to configure. Alternatively, you can configure devices using a [custom policy][MEM-1] with the [SharedPC CSP][WIN-3]. -#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) +#### [:::image type="icon" source="images/provisioning-package.svg"::: **PPKG**](#tab/ppkg) To configure devices using a provisioning package, [create a provisioning package][WIN-1] using WCD, and use the settings listed under the category **`SharedPC`**: @@ -53,7 +45,7 @@ For a list and description of CSP settings exposed in Windows Configuration Desi Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created. -#### [:::image type="icon" source="images/icons/powershell.svg"::: **PowerShell**](#tab/powershell) +#### [:::image type="icon" source="images/powershell.svg"::: **PowerShell**](#tab/powershell) To configure devices using a PowerShell script, you can use the [MDM Bridge WMI Provider][WIN-6]. 
@@ -111,8 +103,10 @@ For more information, see [Using PowerShell scripting with the WMI Bridge Provid $adminName = "LocalAdmin" $adminPass = 'Pa$$word123' invoke-expression "net user /add $adminName $adminPass" - $user = New-Object System.Security.Principal.NTAccount($adminName) - $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) + $user = New-Object System.Security.Principal.NTAccount($adminName) + + $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) + $sid = $sid.Value; New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force ``` diff --git a/windows/configuration/shared-devices-concepts.md b/windows/configuration/shared-pc/shared-devices-concepts.md similarity index 81% rename from windows/configuration/shared-devices-concepts.md rename to windows/configuration/shared-pc/shared-devices-concepts.md index 2fdab61b30..1a5a943367 100644 --- a/windows/configuration/shared-devices-concepts.md +++ b/windows/configuration/shared-pc/shared-devices-concepts.md 
@@ -3,64 +3,58 @@ title: Manage multi-user and guest Windows devices description: options to optimize Windows devices used in shared scenarios, such touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school. ms.date: 11/08/2023 ms.topic: concept-article -author: paolomatarazzo -ms.author: paoloma -appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows 11 SE ---- +--- -# Manage multi-user and guest Windows devices with Shared PC +# Manage multi-user and guest Windows devices with Shared PC Windows allows multiple users to sign in and use the same device, which is useful in scenarios like touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school. -As more users access the same device, more resources on the devices are used. This can lead to performance issues and a degraded user experience. +As more users access the same device, more resources on the devices are used. This can lead to performance issues and a degraded user experience. -To optimize multi-user and guest devices, Windows provides options through a feature called *Shared PC*. These settings are designed to improve the experience for all users on the device, and to reduce the administrative overhead caused by the maintenance of multiple user profiles. +To optimize multi-user and guest devices, Windows provides options through a feature called *Shared PC*. These settings are designed to improve the experience for all users on the device, and to reduce the administrative overhead caused by the maintenance of multiple user profiles. -This article describes the different options available in Shared PC. +This article describes the different options available in Shared PC. -## Shared PC mode +## Shared PC mode -A Windows device enabled for *Shared PC mode* is designed to be maintenance-free with high reliability. 
Devices configured in Shared PC mode have different settings designed to improve the experience for all users accessing a shared device. +A Windows device enabled for *Shared PC mode* is designed to be maintenance-free with high reliability. Devices configured in Shared PC mode have different settings designed to improve the experience for all users accessing a shared device. -## Account management +## Account management -When *Account management* is configured, user profiles are automatically deleted to free up disk space and resources. Account management is performed both at sign-out time and during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out, based on disk space thresholds, or based on inactivity thresholds. +When *Account management* is configured, user profiles are automatically deleted to free up disk space and resources. Account management is performed both at sign-out time and during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out, based on disk space thresholds, or based on inactivity thresholds. > [!IMPORTANT] -> Shared PC is designed to take advantage of maintenance time periods, which run while the device is not in use. Therefore, devices should be put to **sleep** instead of shut down, so that they can wake up to perform maintenance tasks. +> Shared PC is designed to take advantage of maintenance time periods, which run while the device is not in use. Therefore, devices should be put to **sleep** instead of shut down, so that they can wake up to perform maintenance tasks. > [!TIP] -> While Shared PC does not configure the Windows Update client, it is recommended to configure Windows Update to automatically install updates and reboot during maintenance hours. This will help ensure the device is always up to date without interrupting users when the device is in use. 
+> While Shared PC does not configure the Windows Update client, it is recommended to configure Windows Update to automatically install updates and reboot during maintenance hours. This will help ensure the device is always up to date without interrupting users when the device is in use. -### Account models +### Account models -Shared PC offers the possibility to enable a **Guest** option on the sign-in screen. The Guest option doesn't require any user credentials or authentication, and creates a new local account each time it's used with access to the desktop. A **Guest button** is shown on the sign-in screen that a user can select. +Shared PC offers the possibility to enable a **Guest** option on the sign-in screen. The Guest option doesn't require any user credentials or authentication, and creates a new local account each time it's used with access to the desktop. A **Guest button** is shown on the sign-in screen that a user can select. -:::image type="content" source="./images/sharedpc-guest-win11.png" alt-text="Windows 11 sign-in screen with Guest option enabled." border="True"::: +:::image type="content" source="./images/sharedpc-guest-win11.png" alt-text="Windows 11 sign-in screen with Guest option enabled." border="True"::: -Shared PC also offers a **Kiosk** mode, which automatically executes a specific application when the kiosk account signs-in. This is useful in scenarios where the device is accessed for a specific purpose, such as test taking in a school. +Shared PC also offers a **Kiosk** mode, which automatically executes a specific application when the kiosk account signs-in. This is useful in scenarios where the device is accessed for a specific purpose, such as test taking in a school. -:::image type="content" source="./images/sharedpc-kiosk-win11se.png" alt-text="Windows 11 sign-in screen with Guest and Kiosk options enabled." 
border="True"::: +:::image type="content" source="./images/sharedpc-kiosk-win11se.png" alt-text="Windows 11 sign-in screen with Guest and Kiosk options enabled." border="True"::: -## Advanced customizations +## Advanced customizations -Shared PC offers advanced customizations for shared devices, such as specific settings for education devices, low end devices, and more. +Shared PC offers advanced customizations for shared devices, such as specific settings for education devices, low end devices, and more. -Shared devices require special considerations regarding power settings. Shared PC makes it easy to configure power settings for shared devices. The power settings are configured in the local group policy object (LGPO). +Shared devices require special considerations regarding power settings. Shared PC makes it easy to configure power settings for shared devices. The power settings are configured in the local group policy object (LGPO). > [!NOTE] -> For devices without Advanced Configuration and Power Interface (ACPI) wake alarms, Shared PC will override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods. +> For devices without Advanced Configuration and Power Interface (ACPI) wake alarms, Shared PC will override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods. -## Additional information +## Additional information - To learn how to configure Shared PC, see [Set up a shared or guest Windows device](set-up-shared-or-guest-pc.md). - For a list of settings configured by the different options offered by Shared PC, see the [Shared PC technical reference](shared-pc-technical.md). 
- For a list of settings exposed by the SharedPC configuration service provider, see [SharedPC CSP][WIN-1]. -- For a list of settings exposed by Windows Configuration Designer, see [SharedPC CSP][WIN-2]. +- For a list of settings exposed by Windows Configuration Designer, see [SharedPC CSP][WIN-2]. - + [WIN-1]: /windows/client-management/mdm/sharedpc-csp [WIN-2]: /windows/configuration/wcd/wcd-sharedpc \ No newline at end of file diff --git a/windows/configuration/shared-pc-technical.md b/windows/configuration/shared-pc/shared-pc-technical.md similarity index 88% rename from windows/configuration/shared-pc-technical.md rename to windows/configuration/shared-pc/shared-pc-technical.md index 652336403e..623303a671 100644 --- a/windows/configuration/shared-pc-technical.md +++ b/windows/configuration/shared-pc/shared-pc-technical.md 
@@ -3,26 +3,20 @@ title: Shared PC technical reference description: List of policies and settings applied by the Shared PC options. ms.date: 11/08/2023 ms.topic: reference -author: paolomatarazzo -ms.author: paoloma -appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows 11 SE ---- +--- -# Shared PC technical reference +# Shared PC technical reference -This article details the settings configured by the different options of Shared PC. +This article details the settings configured by the different options of Shared PC. > [!IMPORTANT] -> The behavior of some options have changed over time. This article describes the current settings applied by Shared PC. +> The behavior of some options have changed over time. This article describes the current settings applied by Shared PC. -## EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync +## EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync -EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync are the two policies that enable **Shared PC mode**. The only difference between the two is that EnableSharedPCModeWithOneDriveSync enables OneDrive synchronization, while EnableSharedPCMode disables it. +EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync are the two policies that enable **Shared PC mode**. The only difference between the two is that EnableSharedPCModeWithOneDriveSync enables OneDrive synchronization, while EnableSharedPCMode disables it. -When enabling Shared PC mode, the following settings in the local GPO are configured: +When enabling Shared PC mode, the following settings in the local GPO are configured: | Policy setting | Status | |--|--| @@ -48,26 +42,26 @@ When enabling Shared PC mode, the following settings in the local GPO are config | Windows Components/OneDrive/Prevent the usage of OneDrive for file storage |**Enabled** if using EnableSharedPCMode

**Disabled** is using EnableSharedPCModeWithOneDriveSync | | Windows Components/Windows Hello for Business/Use biometrics | Disabled | | Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled | -| Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled | +| Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled | | Extra registry setting | Status | |-------------------------------------------------------------------------------------------------------------------|----------| | Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 | -| Software\Policies\Microsoft\Windows\PreviewBuilds\AllowBuildPreview () | 0 | +| Software\Policies\Microsoft\Windows\PreviewBuilds\AllowBuildPreview () | 0 | -## SetEDUPolicy +## SetEDUPolicy -By enabling SetEDUPolicy, the following settings in the local GPO are configured: +By enabling SetEDUPolicy, the following settings in the local GPO are configured: | Policy setting | Status | |--|--| | System/User Profiles/Turn off the advertising ID | Enabled | | Windows Components/Cloud Content/Do not show Windows tips | Enabled | -| Windows Components/Cloud Content/Turn off Microsoft consumer experiences | Enabled | +| Windows Components/Cloud Content/Turn off Microsoft consumer experiences | Enabled | -## SetPowerPolicies +## SetPowerPolicies -By enabling SetPowerPolicies, the following settings in the local GPO are configured: +By enabling SetPowerPolicies, the following settings in the local GPO are configured: | Policy setting | Status| |--|--| 
@@ -83,41 +77,42 @@ By enabling SetPowerPolicies, the following settings in the local GPO are config | System/Power Management/Sleep Settings/Specify the system hibernate timeout (on battery) | 0 (Hibernation disabled) | | System/Power Management/Sleep Settings/Specify the system hibernate timeout (plugged in) | 0 (Hibernation disabled) | | System/Power Management/Sleep Settings/Turn off hybrid sleep (on battery) | Enabled | -| System/Power Management/Sleep Settings/Turn off hybrid sleep (plugged in) | Enabled | +| System/Power Management/Sleep Settings/Turn off hybrid sleep (plugged in) | Enabled | -## MaintenanceStartTime +## MaintenanceStartTime -By enabling MaintenanceStartTime, the following settings in the local GPO are configured: +By enabling MaintenanceStartTime, the following settings in the local GPO are configured: | Policy setting | Status| |--------------------------------------------------------------------------------------|--------------------------------| | Windows Components/Maintenance Scheduler/Automatic Maintenance Activation Boundary | 2000-01-01T00:00:00 (midnight) | | Windows Components/Maintenance Scheduler/Automatic Maintenance Random Delay | Enabled PT2H (2 hours) | -| Windows Components/Maintenance Scheduler/Automatic Maintenance WakeUp Policy | Enabled | +| Windows Components/Maintenance Scheduler/Automatic Maintenance WakeUp Policy | Enabled | -## SignInOnResume +## SignInOnResume -By enabling SignInOnResume, the following settings in the local GPO are configured: +By enabling SignInOnResume, the following settings in the local GPO are configured: | Policy setting | Status| |--|--| | System/Logon/Allow users to select when a password is required when resuming from connected standby | Disabled | | System/Power Management/Sleep Settings/Require a password when a computer wakes (on battery) | Enabled | -| System/Power Management/Sleep Settings/Require a password when a computer wakes (plugged in) | Enabled | +| System/Power 
Management/Sleep Settings/Require a password when a computer wakes (plugged in) | Enabled | -## EnableAccountManager +## EnableAccountManager -By enabling Enableaccountmanager, the following schedule task is turned on: `\Microsoft\Windows\SharedPC\Account Cleanup`. +By enabling Enableaccountmanager, the following schedule task is turned on: `\Microsoft\Windows\SharedPC\Account Cleanup`. -## Shared PC APIs and app behavior +## Shared PC APIs and app behavior -Applications can take advantage of Shared PC mode with the following three APIs: +Applications can take advantage of Shared PC mode with the following three APIs: - [**IsEnabled**][API-1] - This API informs applications when the device is configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences. - [**ShouldAvoidLocalStorage**][API-2] - This API informs applications when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app. -- [**IsEducationEnvironment**][API-3] - This API informs applications when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality. ------------ +- [**IsEducationEnvironment**][API-3] - This API informs applications when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality. + +----------- [API-1]: /uwp/api/windows.system.profile.sharedmodesettings.isenabled [API-2]: /uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage diff --git a/windows/configuration/shared-pc/toc.yml b/windows/configuration/shared-pc/toc.yml new file mode 100644 index 0000000000..87e0ba65f6 --- /dev/null +++ b/windows/configuration/shared-pc/toc.yml 
@@ -0,0 +1,7 @@
+items:
+- name: Shared devices concepts
+ href: shared-devices-concepts.md
+- name: Configure shared devices with Shared PC
+ href: set-up-shared-or-guest-pc.md
+- name: Shared PC technical reference
+ href: shared-pc-technical.md
\ No newline at end of file
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/start/customize-and-export-start-layout.md
similarity index 78%
rename from windows/configuration/customize-and-export-start-layout.md
rename to windows/configuration/start/customize-and-export-start-layout.md
index 2173e2ee20..725c7c8756 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/start/customize-and-export-start-layout.md
@@ -1,25 +1,16 @@
 ---
 title: Customize and export Start layout
 description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout.
-ms.reviewer:
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
 ms.topic: how-to
-ms.localizationpriority: medium
+appliesto:
+- ✅ Windows 10
 ms.date: 08/18/2023
 ms.collection:
 - tier1
-ms.technology: itpro-configure
 ---
 # Customize and export Start layout
-**Applies to**:
-
-- Windows 10
-
 >**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout.
@@ -36,37 +27,28 @@ When [a partial Start layout](#configure-a-partial-start-layout) is applied, the You can deploy the resulting .xml file to devices using one of the following methods: - [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) - - [Windows Configuration Designer provisioning package](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) - - [Mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) -### Customize the Start screen on your test computer +## Customize the Start screen on your test computer To prepare a Start layout for export, you simply customize the Start layout on a test computer. -**To prepare a test computer** +To prepare a test computer: 1. Set up a test computer on which to customize the Start layout. Your test computer should have the operating system that is installed on the users' computers (Windows 10 Pro, Enterprise, or Education). Install all apps and services that the Start layout should display. - 1. Create a new user account that you'll use to customize the Start layout. -**To customize Start** +To customize Start: 1. Sign in to your test computer with the user account that you created. - 1. Customize the Start layout as you want users to see it by using the following techniques: - **Pin apps to Start**. From Start, type the name of the app. When the app appears in the search results, right-click the app, and then select **Pin to Start**. - To view all apps, select **All apps** in the bottom-left corner of Start. Right-click any app, and pin or unpin it from Start. - - **Unpin apps** that you don't want to display. To unpin an app, right-click the app, and then select **Unpin from Start**. - - **Drag tiles** on Start to reorder or group apps. - - **Resize tiles**. To resize tiles, right-click the tile and then select **Resize.** - - **Create your own app groups**. Drag the apps to an empty area. 
To name a group, select above the group of tiles and then type the name in the **Name group** field that appears above the group. > [!IMPORTANT] @@ -81,10 +63,9 @@ When you have the Start layout that you want your users to see, use the [Export- > [!IMPORTANT] > If you include secondary Microsoft Edge tiles (tiles that link to specific websites in Microsoft Edge), see [Add custom images to Microsoft Edge secondary tiles](start-secondary-tiles.md) for instructions. -**To export the Start layout to an .xml file** +To export the Start layout to an .xml file: 1. While signed in with the same account that you used to customize Start, right-click Start, and select **Windows PowerShell**. - 1. On a device running Windows 10, version 1607, 1703, or 1803, at the Windows PowerShell command prompt, enter the following command: `Export-StartLayout -path .xml` 
@@ -110,32 +91,29 @@ When you have the Start layout that you want your users to see, use the [Export- - + + ``` -1. (Optional) Edit the .xml file to add [a taskbar configuration](configure-windows-10-taskbar.md) or to [modify the exported layout](start-layout-xml-desktop.md). When you make changes to the exported layout, be aware that [the order of the elements in the .xml file is critical.](start-layout-xml-desktop.md#required-order) +1. (Optional) Edit the .xml file to add [a taskbar configuration](../taskbar/configure-windows-10-taskbar.md) or to [modify the exported layout](start-layout-xml-desktop.md). When you make changes to the exported layout, be aware that [the order of the elements in the .xml file is critical.](start-layout-xml-desktop.md#required-order) > [!IMPORTANT] -> If the Start layout that you export contains tiles for desktop (Win32) apps or .url links, **Export-StartLayout** will use **DesktopApplicationLinkPath** in the resulting file. Use a text or XML editor to change **DesktopApplicationLinkPath** to **DesktopApplicationID**. See [Specify Start tiles](start-layout-xml-desktop.md#specify-start-tiles) for details on using the app ID in place of the link path. +> If the Start layout that you export contains tiles for desktop (Win32) apps or .url links, **Export-StartLayout** will use **DesktopApplicationLinkPath** in the resulting file. Use a text or XML editor to change **DesktopApplicationLinkPath** to **DesktopApplicationID**. See [Specify Start tiles](start-layout-xml-desktop.md#specify-start-tiles) for details on using the app ID in place of the link path. > [!NOTE] > All clients that the start layout applies to must have the apps and other shortcuts present on the local system in the same location as the source for the Start layout. > > For scripts and application tile pins to work correctly, follow these rules: > ->* Executable files and scripts should be listed in \Program Files or wherever the installer of the app places them. 
-> ->* Shortcuts that will pinned to Start should be placed in \ProgramData\Microsoft\Windows\Start Menu\Programs. -> ->* If you place executable files or scripts in the \ProgramData\Microsoft\Windows\Start Menu\Programs folder, they will not pin to Start. -> ->* Start on Windows 10 does not support subfolders. We only support one folder. For example, \ProgramData\Microsoft\Windows\Start Menu\Programs\Folder. If you go any deeper than one folder, Start will compress the contents of all the subfolder to the top level. -> ->* Three additional shortcuts are pinned to the start menu after the export. These are shortcuts to %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs, %APPDATA%\Microsoft\Windows\Start Menu\Programs, and %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\. +>- Executable files and scripts should be listed in \Program Files or wherever the installer of the app places them. +>- Shortcuts that will pinned to Start should be placed in \ProgramData\Microsoft\Windows\Start Menu\Programs. +>- If you place executable files or scripts in the \ProgramData\Microsoft\Windows\Start Menu\Programs folder, they will not pin to Start. +>- Start on Windows 10 does not support subfolders. We only support one folder. For example, \ProgramData\Microsoft\Windows\Start Menu\Programs\Folder. If you go any deeper than one folder, Start will compress the contents of all the subfolder to the top level. +>- Three additional shortcuts are pinned to the start menu after the export. These are shortcuts to %ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs, %APPDATA%\Microsoft\Windows\Start Menu\Programs, and %APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\. ### Configure a partial Start layout 
@@ -149,10 +127,9 @@ When a partial Start layout is applied to a device that already has a StartLayou If the Start layout is applied by Group Policy or MDM, and the policy is removed, the groups remain on the devices but become unlocked. -**To configure a partial Start screen layout** +To configure a partial Start screen layout: 1. [Customize the Start layout](#customize-the-start-screen-on-your-test-computer). - 1. [Export the Start layout](#export-the-start-layout). 1. Open the layout .xml file. There is a `` element. Add `LayoutCustomizationRestrictionType="OnlySpecifiedGroups"` to the **DefaultLayoutOverride** element as follows: 
@@ -163,22 +140,4 @@ If the Start layout is applied by Group Policy or MDM, and the policy is removed 1. Save the file and apply using any of the deployment methods. > [!NOTE] -> Office 2019 tiles might be removed from the Start menu when you upgrade Office 2019. This only occurs if Office 2019 app tiles are in a custom group in the Start menu and only contains the Office 2019 app tiles. To avoid this problem, place another app tile in the Office 2019 group prior to the upgrade. For example, add Notepad.exe or calc.exe to the group. This issue occurs because Office 2019 removes and reinstalls the apps when they are upgraded. Start removes empty groups when it detects that all apps for that group have been removed. - -## Related articles - -[Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) - -[Configure Windows 10 taskbar](configure-windows-10-taskbar.md) - -[Add image for secondary tiles](start-secondary-tiles.md) - -[Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) - -[Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) - -[Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) - -[Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - -[Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) +> Office 2019 tiles might be removed from the Start menu when you upgrade Office 201. This only occurs if Office 2019 app tiles are in a custom group in the Start menu and only contains the Office 2019 app tiles. To avoid this problem, place another app tile in the Office 2019 group prior to the upgrade. For example, add Notepad.exe or calc.exe to the group. 
This issue occurs because Office 2019 removes and reinstalls the apps when they are upgraded. Start removes empty groups when it detects that all apps for that group have been removed. diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/start/customize-start-menu-layout-windows-11.md similarity index 82% rename from windows/configuration/customize-start-menu-layout-windows-11.md rename to windows/configuration/start/customize-start-menu-layout-windows-11.md index 2e959a035a..e8995d4ee4 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/start/customize-start-menu-layout-windows-11.md @@ -1,19 +1,14 @@ --- title: Add or remove pinned apps on the Start menu in Windows 11 description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices. -author: lizgt2000 -ms.author: lizlong -ms.reviewer: ericpapa ms.date: 01/10/2023 ms.topic: article +appliesto: +- ✅ Windows 11 --- # Customize the Start menu layout on Windows 11 -**Applies to**: - -- Windows 11 - > **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). Your organization can deploy a customized Start layout to your Windows 11 devices. Customizing the Start layout is common when you have similar devices used by many users, or you want to pin specific apps. 
@@ -42,7 +37,7 @@ This article shows you how to export an existing Start menu layout, and use the In Windows 11, the Start menu is redesigned with a simplified set of apps that are arranged in a grid of pages. There aren't folders, groups, or different-sized app icons: -:::image type="content" source="./images/customize-start-menu-layout-windows-11/start-menu-layout.png" alt-text="Sample start menu layout on Windows 11 devices that shows pinned apps, access to all apps, and shows recommended files."::: +:::image type="content" source="./images/start-windows-11.png" alt-text="Sample start menu layout on Windows 11 that shows pinned apps, access to all apps, and recommended files."::: Start has the following areas: 
@@ -79,39 +74,39 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi ### Export an existing Start layout 1. Create a folder to save the `.json` file. For example, create the `C:\Layouts` folder. -2. On a Windows 11 device, open the Windows PowerShell app. -3. Run the following cmdlet. Name the file `LayoutModification.json`. +1. On a Windows 11 device, open the Windows PowerShell app. +1. Run the following cmdlet. Name the file `LayoutModification.json`. ```powershell - Export-StartLayout -Path "C:\Layouts\LayoutModification.json" + Export-StartLayout -Path "C:\Layouts\LayoutModification.json" + ``` ### Get the pinnedList JSON 1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code or Notepad. For more information, see [edit JSON with Visual Studio Code](https://code.visualstudio.com/docs/languages/json). -2. In the file, you see the `pinnedList` section. This section includes all of the pinned apps. Copy the `pinnedList` content in the JSON file. You'll use it in the next section. +1. In the file, you see the `pinnedList` section. This section includes all of the pinned apps. Copy the `pinnedList` content in the JSON file. You'll use it in the next section. In the following example, you see that Microsoft Edge, Microsoft Word, the Microsoft Store app, and Notepad are pinned: ```json - { - "pinnedList": [ - { "desktopAppId": "MSEdge" }, - { "desktopAppId": "Microsoft.Office.WINWORD.EXE.15" }, - { "packagedAppId": "Microsoft.WindowsStore_8wekyb3d8bbwe!App" }, - { "packagedAppId": "Microsoft.WindowsNotepad_8wekyb3d8bbwe!App" } - ] - } + { + "pinnedList": [ + { "desktopAppId": "MSEdge" }, + { "desktopAppId": "Microsoft.Office.WINWORD.EXE.15" }, + { "packagedAppId": "Microsoft.WindowsStore_8wekyb3d8bbwe!App" }, + { "packagedAppId": "Microsoft.WindowsNotepad_8wekyb3d8bbwe!App" } + ] + } ``` -3. Starting with Windows 11, the **ConfigureStartPins** policy is available. 
This policy uses the `LayoutModification.json` file to add apps to the Pinned section. In your JSON file, you can add more apps to this section using the following keys: +1. Starting with Windows 11, the **ConfigureStartPins** policy is available. This policy uses the `LayoutModification.json` file to add apps to the Pinned section. In your JSON file, you can add more apps to this section using the following keys: - --- - | Key | Description | - | --- | --- | - | packagedAppID | Use this option for Universal Windows Platform apps. To pin a UWP app, use the app's AUMID.| - | desktopAppID | Use this option for unpackaged Win32 apps. To pin a Win32 app, use the app's AUMID. If the app doesn't have an AUMID, then enter the `desktopAppLink` instead. | - | desktopAppLink | Use this option for unpackaged Win32 apps that don't have an associated AUMID. To pin this type of app, use the path to the `.lnk` shortcut that points to the app. | +| Key | Description | +|--|--| +| packagedAppID | Use this option for Universal Windows Platform apps. To pin a UWP app, use the app's AUMID. | +| desktopAppID | Use this option for unpackaged Win32 apps. To pin a Win32 app, use the app's AUMID. If the app doesn't have an AUMID, then enter the `desktopAppLink` instead. | +| desktopAppLink | Use this option for unpackaged Win32 apps that don't have an associated AUMID. To pin this type of app, use the path to the `.lnk` shortcut that points to the app. | ## Use MDM to create and deploy a pinned list policy 
@@ -126,20 +121,20 @@ This section shows you how to create a pinned list policy in Intune. There isn't To deploy this policy, the devices must be enrolled, and managed by your organization. For more information, see [What is device enrollment?](/mem/intune/enrollment/device-enrollment). 1. Sign in to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Devices** > **Configuration profiles** > **Create profile**. -3. Enter the following properties: +1. Select **Devices** > **Configuration profiles** > **Create profile**. +1. Enter the following properties: - **Platform**: Select **Windows 10 and later**. - **Profile**: Select **Templates** > **Custom**. -4. Select **Create**. -5. In **Basics**, enter the following properties: +1. Select **Create**. +1. In **Basics**, enter the following properties: - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify them later. For example, a good profile name is **Win11: Custom Start layout**. - **Description**: Enter a description for the profile. This setting is optional, and recommended. -6. Select **Next**. -7. In **Configuration settings** > **OMA-URI**, select **Add**. Add the following properties: +1. Select **Next**. +1. In **Configuration settings** > **OMA-URI**, select **Add**. Add the following properties: - **Name**: Enter something like **Configure Start pins**. - **Description**: Enter a description for the row. This setting is optional, and recommended. 
@@ -148,22 +143,22 @@ To deploy this policy, the devices must be enrolled, and managed by your organiz - **Value**: Paste the JSON you created or updated in the previous section. For example, enter the following text: ```json - { - "pinnedList": [ - { "desktopAppId": "MSEdge" }, - { "desktopAppId": "Microsoft.Office.WINWORD.EXE.15" }, - { "packagedAppId": "Microsoft.WindowsStore_8wekyb3d8bbwe!App" }, - { "packagedAppId": "Microsoft.WindowsNotepad_8wekyb3d8bbwe!App" } - ] - } + { + "pinnedList": [ + { "desktopAppId": "MSEdge" }, + { "desktopAppId": "Microsoft.Office.WINWORD.EXE.15" }, + { "packagedAppId": "Microsoft.WindowsStore_8wekyb3d8bbwe!App" }, + { "packagedAppId": "Microsoft.WindowsNotepad_8wekyb3d8bbwe!App" } + ] + } ``` Your settings look similar to the following settings: - :::image type="content" source="./images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png" alt-text="Custom OMA-URI settings to customize Start menu layout using pinnedList"::: + :::image type="content" source="./images/endpoint-manager-admin-center-custom-oma-uri-start-layout.png" alt-text="Custom OMA-URI settings to customize Start menu layout using pinnedList"::: -8. Select **Save** > **Next** to save your changes. -9. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings](/mem/intune/configuration/custom-settings-configure). +1. Select **Save** > **Next** to save your changes. +1. Configure the rest of the policy settings. For more specific information, see [Create a profile with custom settings](/mem/intune/configuration/custom-settings-configure). The Windows OS exposes many CSPs that apply to the Start menu. For a list, see [Supported CSP policies for Windows 11 Start menu](supported-csp-start-menu-layout-windows.md). 
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/start/customize-windows-10-start-screens-by-using-group-policy.md
similarity index 77%
rename from windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
rename to windows/configuration/start/customize-windows-10-start-screens-by-using-group-policy.md
index 94641458ae..6702f5d255 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/configuration/start/customize-windows-10-start-screens-by-using-group-policy.md
@@ -1,20 +1,14 @@
 ---
 title: Customize Windows 10 Start and taskbar with group policy
 description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
-ms.reviewer:
-manager: aaroncz
-author: lizgt2000
-ms.author: lizlong
 ms.date: 12/31/2017
+ms.topic: how-to
+appliesto:
+- ✅ Windows 10
 ---
 # Customize Windows 10 Start and taskbar with Group Policy
-
-**Applies to**
-
-- Windows 10
-
 >**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 In Windows 10 Pro, Enterprise, and Education, you can use a Group Policy Object (GPO) to deploy a customized Start and taskbar layout to users in a domain. No reimaging is required, and the layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
@@ -24,39 +18,29 @@ This topic describes how to update Group Policy settings to display a customized >[!WARNING] >When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. When you apply a taskbar layout, users will still be able to pin and unpin apps, and change the order of pinned apps. - - **Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) ## Operating system requirements - In Windows 10, version 1607, Start and taskbar layout control using Group Policy is supported in Windows 10 Enterprise and Windows 10 Education. In Windows 10, version 1703, Start and taskbar layout control using Group Policy is also supported in Windows 10 Pro. The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed. In Group Policy, ADMX files are used to define Registry-based policy settings in the Administrative Templates category. To find out how to create a central store for Administrative Templates files, see [article 929841, written for Windows Vista and still applicable](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) in the Microsoft Knowledge Base. ## How Start layout control works - Three features enable Start and taskbar layout control: -- The [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. 
- +- The [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. >[!NOTE] >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](/powershell/module/startlayout/import-startlayout) cmdlet. - -- [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. - -- In Group Policy, you use the **Start Layout** settings for the **Start Menu and Taskbar** administrative template to set a Start and taskbar layout from an .xml file when the policy is applied. The Group Policy object doesn't support an empty tile layout, so the default tile layout for Windows is loaded in that case. +- [You can modify the Start .xml file](../taskbar/configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. +- In Group Policy, you use the **Start Layout** settings for the **Start Menu and Taskbar** administrative template to set a Start and taskbar layout from an .xml file when the policy is applied. The Group Policy object doesn't support an empty tile layout, so the default tile layout for Windows is loaded in that case. >[!NOTE] >To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( https://go.microsoft.com/fwlink/p/?LinkId=620863). - - ## Use Group Policy to apply a customized Start layout in a domain - To apply the Start and taskbar layout to users in a domain, use the Group Policy Management Console (GPMC) to configure a domain-based Group Policy Object (GPO) that sets **Start Layout** policy settings in the **Start Menu and Taskbar** administrative template for users in a domain. The GPO applies the Start and taskbar layout at the next user sign-in. 
Each time the user signs in, the timestamp of the .xml file with the Start and taskbar layout is checked and if a newer version of the file is available, the settings in the latest version of the file are applied. @@ -69,7 +53,6 @@ For information about deploying GPOs in a domain, see [Working with Group Policy ## Use Group Policy to apply a customized Start layout on the local computer - You can use the Local Group Policy Editor to provide a customized Start and taskbar layout for any user who signs in on the local computer. To display the customized Start and taskbar layout for any user who signs in, configure **Start Layout** policy settings for the **Start Menu and Taskbar** administrative template. You can use the **Start Menu and Taskbar** administrative template in **User Configuration** or **Computer Configuration**. >[!NOTE] 
@@ -77,52 +60,26 @@ You can use the Local Group Policy Editor to provide a customized Start and task > >This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](/previous-versions/windows/it-pro/windows-vista/cc766291(v=ws.10)). The guide was written for Windows Vista and the procedures still apply to Windows 10. - This procedure adds the customized Start and taskbar layout to the user configuration, which overrides any Start layout settings in the local computer configuration when a user signs in on the computer. **To configure Start Layout policy settings in Local Group Policy Editor** 1. On the test computer, press the Windows key, type **gpedit**, and then select **Edit group policy (Control panel)**. - -2. Go to **User Configuration** or **Computer Configuration** > **Administrative Templates** >**Start Menu and Taskbar**. - +1. Go to **User Configuration** or **Computer Configuration** > **Administrative Templates** >**Start Menu and Taskbar**. ![start screen layout policy settings.](images/starttemplate.jpg) - -3. Right-click **Start Layout** in the right pane, and click **Edit**. - +1. Right-click **Start Layout** in the right pane, and click **Edit**. This opens the **Start Layout** policy settings. - ![policy settings for start screen layout.](images/startlayoutpolicy.jpg) - -4. Enter the following settings, and then click **OK**: - - 1. Select **Enabled**. - - 2. Under **Options**, specify the path to the .xml file that contains the Start and taskbar layout. For example, type **C:\\Users\\Test01\\StartScreenMarketing.xml**. - - 3. Optionally, enter a comment to identify the Start and taskbar layout. +1. Enter the following settings, and then click **OK**: + 1. Select **Enabled**. + 1. 
Under **Options**, specify the path to the .xml file that contains the Start and taskbar layout. For example, type **C:\\Users\\Test01\\StartScreenMarketing.xml**. + 1. Optionally, enter a comment to identify the Start and taskbar layout. > [!IMPORTANT] > If you disable Start Layout policy settings that have been in effect and then re-enable the policy, users will not be able to make changes to Start, however the layout in the .xml file will not be reapplied unless the file has been updated. In Windows PowerShell, you can update the timestamp on a file by running the following command: - > + > > `(ls ).LastWriteTime = Get-Date` - - ## Update a customized Start layout - After you use Group Policy to apply a customized Start and taskbar layout on a computer or in a domain, you can update the layout simply by replacing the .xml file that is specified in the Start Layout policy settings with a file with a newer timestamp. - -## Related topics - - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Add image for secondary tiles](start-secondary-tiles.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) -- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) - 
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/start/customize-windows-10-start-screens-by-using-mobile-device-management.md
similarity index 56%
rename from windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
rename to windows/configuration/start/customize-windows-10-start-screens-by-using-mobile-device-management.md
index ebd6bb9d28..1b378a93ca 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
+++ b/windows/configuration/start/customize-windows-10-start-screens-by-using-mobile-device-management.md
@@ -1,28 +1,17 @@ --- title: Change the Windows 10 Start and taskbar using mobile device management | Microsoft Docs -description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. For example, use Microsoft Intune to configure the start menu layout and taskbar, and deploy the policy to your devices. -ms.reviewer: -manager: aaroncz -ms.prod: windows-client -author: lizgt2000 +description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. For example, use Microsoft Intune to configure the start menu layout and taskbar, and deploy the policy to your devices. ms.topic: article -ms.author: lizlong -ms.localizationpriority: medium +appliesto: +- ✅ Windows 10 ms.date: 08/05/2021 -ms.technology: itpro-configure --- # Customize Windows 10 Start and taskbar with mobile device management (MDM) - -**Applies to** - -- Windows 10 - - >**Looking for consumer information?** [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) -In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. No reimaging is required. The layout can be updated simply by overwriting the `.xml` file that contains the layout. This feature enables you to customize Start layouts for different departments or organizations, with minimal management overhead. +In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. No reimaging is required. The layout can be updated simply by overwriting the `.xml` file that contains the layout. This feature enables you to customize Start layouts for different departments or organizations, with minimal management overhead. 
>[!NOTE] >Support for applying a customized taskbar using MDM is added in Windows 10, version 1703. @@ -32,21 +21,16 @@ In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, you can us >[!WARNING] >When a full Start layout is applied with this method, the users cannot pin, unpin, or uninstall apps from Start. Users can view and open all apps in the **All Apps** view, but they cannot pin any apps to Start. When a partial Start layout is applied, the contents of the specified tile groups cannot be changed, but users can move those groups, and can also create and customize their own groups. - - ## How Start layout control works - Two features enable Start layout control: -- The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. +- The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. >[!NOTE] >To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](/powershell/module/startlayout/import-startlayout) cmdlet. - - -- In Microsoft Intune, you select the Start layout XML file and add it to a device configuration profile. +- In Microsoft Intune, you select the Start layout XML file and add it to a device configuration profile. >[!NOTE] >Please do not include XML Prologs like \ in the Start layout XML file. The settings may not be reflected correctly. 
@@ -57,41 +41,29 @@ The following example uses Microsoft Intune to configure an MDM policy that appl 1. Sign in to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Devices** > **Configuration profiles** > **Create profile**. +1. Select **Devices** > **Configuration profiles** > **Create profile**. -3. Enter the following properties: +1. Enter the following properties: - **Platform**: Select **Windows 10 and later**. - **Profile type**: Select **Templates** > **Device restrictions** > **Create**. -4. In **Basics**, enter the following properties: +1. In **Basics**, enter the following properties: - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify it later. For example, a good profile name is **Customize Start menu and taskbar**. - **Description**: Enter a description for the profile. This setting is optional, but recommended. -5. Select **Next**. +1. Select **Next**. -6. In **Configuration settings**, select **Start**: +1. In **Configuration settings**, select **Start**: - If you're using an XML file, select **Start menu layout**. Browse to and select your Start layout XML file. - If you don't have an XML file, configure the others settings. For more information on these settings, see [Start settings in Microsoft Intune](/mem/intune/configuration/device-restrictions-windows-10#start). -7. Select **Next**. -8. In **Scope tags**, select **Next**. For more information about scope tags, see [Use RBAC and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags). -9. In **Assignments**, select the user or groups that will receive your profile. Select **Next**. For more information on assigning profiles, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). -10. In **Review + create**, review your settings. When you select **Create**, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list. +1. 
Select **Next**. +1. In **Scope tags**, select **Next**. For more information about scope tags, see [Use RBAC and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags). +1. In **Assignments**, select the user or groups that will receive your profile. Select **Next**. For more information on assigning profiles, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). +1. In **Review + create**, review your settings. When you select **Create**, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list. > [!NOTE] > For third party partner MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`. - - -## Next steps - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Add image for secondary tiles](start-secondary-tiles.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) diff --git a/windows/configuration/start/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/start/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md new file mode 100644 index 0000000000..b8653f7973 --- /dev/null 
+++ b/windows/configuration/start/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md 
@@ -0,0 +1,115 @@ +--- +title: Customize Windows 10 Start and taskbar with provisioning packages +description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users. +ms.topic: article +appliesto: +- ✅ Windows 11 +ms.date: 12/31/2017 +--- + +# Customize Windows 10 Start and taskbar with provisioning packages + +> **Looking for consumer information?** [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) + +> [!NOTE] +> Currently, using provisioning packages to customize the Start menu layout is supported on Windows 1. It's not supported on Windows 11. + +In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, version 1703, you can use a provisioning package that you create with Windows Configuration Designer to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead. + +> [!IMPORTANT] +> If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy. + +**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions. + +## How Start layout control works + +Three features enable Start and taskbar layout control: + +- The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. 
+ + > [!NOTE] + > To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](/powershell/module/startlayout/import-startlayout) cmdlet. + +- [You can modify the Start .xml file](../taskbar/configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. + +- In Windows Configuration Designer, you use the **Policies/Start/StartLayout** setting to provide the contents of the .xml file that defines the Start and taskbar layout. + + + +## Prepare the Start layout XML file + +The **Export-StartLayout** cmdlet produces an XML file. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout section to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout section to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters. + +1. Copy the contents of layout.xml into an online tool that escapes characters. + +1. During the procedure to create a provisioning package, you will copy the text with the escape characters and paste it in the customizations.xml file for your project. + +## Create a provisioning package that contains a customized Start layout + +Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](../provisioning-packages/provisioning-install-icd.md) + +> [!IMPORTANT] +> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. + +1. 
Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). + +1. Choose **Advanced provisioning**. + +1. Name your project, and click **Next**. + +1. Choose **All Windows desktop editions** and click **Next**. + +1. On **New project**, click **Finish**. The workspace for your package opens. + +1. Expand **Runtime settings** > **Policies** > **Start**, and click **StartLayout**. + + > [!TIP] + > If **Start** is not listed, check the type of settings you selected in step 1. You must create the project using settings for **All Windows desktop editions**. + +1. Enter **layout.xml**. This value creates a placeholder in the customizations.xml file that you will replace with the contents of the layout.xml file in a later step. + +1. Save your project and close Windows Configuration Designer. + +1. In File Explorer, open the project's directory. (The default location is C:\Users\\*user name*\Documents\Windows Imaging and Configuration Designer (WICD)\\*project name*) + +1. Open the customizations.xml file in a text editor. The **<Customizations>** section will look like this: + + ![Customizations file with the placeholder text to replace highlighted.](images/customization-start.png) + +1. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape). + +1. Save and close the customizations.xml file. + +1. Open Windows Configuration Designer and open your project. + +1. On the **File** menu, select **Save.** + +1. On the **Export** menu, select **Provisioning package**. + +1. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** + +1. Optional. 
In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. + + - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. + + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package. + +1. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. + + Optionally, you can click **Browse** to change the default output location. + +1. Click **Next**. + +1. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. + + If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. + +1. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. + + If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. + + - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. + - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. + +1. Copy the provisioning package to the target device. +1. Double-click the ppkg file and allow it to install. 
diff --git a/windows/configuration/start/images/customization-start-edge.PNG b/windows/configuration/start/images/customization-start-edge.PNG
new file mode 100644
index 0000000000..333833d8c0
Binary files /dev/null and b/windows/configuration/start/images/customization-start-edge.PNG differ
diff --git a/windows/configuration/start/images/customization-start.PNG b/windows/configuration/start/images/customization-start.PNG
new file mode 100644
index 0000000000..4942338181
Binary files /dev/null and b/windows/configuration/start/images/customization-start.PNG differ
diff --git a/windows/configuration/images/edge-with-logo.png b/windows/configuration/start/images/edge-with-logo.png
similarity index 100%
rename from windows/configuration/images/edge-with-logo.png
rename to windows/configuration/start/images/edge-with-logo.png
diff --git a/windows/configuration/images/edge-without-logo.png b/windows/configuration/start/images/edge-without-logo.png
similarity index 100%
rename from windows/configuration/images/edge-without-logo.png
rename to windows/configuration/start/images/edge-without-logo.png
diff --git a/windows/configuration/images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png b/windows/configuration/start/images/endpoint-manager-admin-center-custom-oma-uri-start-layout.png
similarity index 100%
rename from windows/configuration/images/customize-start-menu-layout-windows-11/endpoint-manager-admin-center-custom-oma-uri-start-layout.png
rename to windows/configuration/start/images/endpoint-manager-admin-center-custom-oma-uri-start-layout.png
diff --git a/windows/configuration/images/start-pinned-app.png b/windows/configuration/start/images/start-pinned-app.png
similarity index 100%
rename from windows/configuration/images/start-pinned-app.png
rename to windows/configuration/start/images/start-pinned-app.png
diff --git a/windows/configuration/start/images/start-windows-11.png b/windows/configuration/start/images/start-windows-11.png
new file mode 100644
index 0000000000..9cafb224bf
Binary files /dev/null and b/windows/configuration/start/images/start-windows-11.png differ
diff --git a/windows/configuration/images/startannotated.png b/windows/configuration/start/images/startannotated.png
similarity index 100%
rename from windows/configuration/images/startannotated.png
rename to windows/configuration/start/images/startannotated.png
diff --git a/windows/configuration/images/startlayoutpolicy.jpg b/windows/configuration/start/images/startlayoutpolicy.jpg
similarity index 100%
rename from windows/configuration/images/startlayoutpolicy.jpg
rename to windows/configuration/start/images/startlayoutpolicy.jpg
diff --git a/windows/configuration/images/starttemplate.jpg b/windows/configuration/start/images/starttemplate.jpg
similarity index 100%
rename from windows/configuration/images/starttemplate.jpg
rename to windows/configuration/start/images/starttemplate.jpg
diff --git a/windows/configuration/images/taskbar-generic.png b/windows/configuration/start/images/taskbar-generic.png
similarity index 100%
rename from windows/configuration/images/taskbar-generic.png
rename to windows/configuration/start/images/taskbar-generic.png
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start/start-layout-xml-desktop.md
similarity index 86%
rename from windows/configuration/start-layout-xml-desktop.md
rename to windows/configuration/start/start-layout-xml-desktop.md
index be361db92b..4e97904532 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start/start-layout-xml-desktop.md
@@ -1,40 +1,27 @@ --- -title: Start layout XML for desktop editions of Windows 10 (Windows 10) +title: Start layout XML for desktop editions of Windows 10 description: This article describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions. -ms.prod: windows-client -author: lizgt2000 -ms.author: lizlong ms.topic: article ms.date: 10/02/2018 -ms.reviewer: -manager: aaroncz -ms.localizationpriority: medium -ms.technology: itpro-configure +appliesto: +- ✅ Windows 10 --- # Start layout XML for desktop editions of Windows 10 (reference) - -**Applies to** - -- Windows 10 - >**Looking for consumer information?** See [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630) On Windows 10 for desktop editions, the customized Start works by: - Windows 10 checks the chosen base default layout, such as the desktop edition and whether Cortana is supported for the country/region. - - Windows 10 reads the LayoutModification.xml file and allows groups to be appended to Start. The groups have the following constraints: - - Two groups that are six columns wide, or equivalent to the width of three medium tiles. - - Two medium-sized tile rows in height. Windows 10 ignores any tiles that are pinned beyond the second row. - - No limit to the number of apps that can be pinned. There's a theoretical limit of 24 tiles per group (four small tiles per medium square x 3 columns x 2 rows). - + - Two groups that are six columns wide, or equivalent to the width of three medium tiles. + - Two medium-sized tile rows in height. Windows 10 ignores any tiles that are pinned beyond the second row. + - No limit to the number of apps that can be pinned. There's a theoretical limit of 24 tiles per group (four small tiles per medium square x 3 columns x 2 rows). 
+ >[!NOTE] >To use the layout modification XML to configure Start with roaming user profiles, see [Deploying Roaming User Profiles](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#step-7-optionally-specify-a-start-layout-for-windows-10-pcs). - - ## LayoutModification XML IT admins can provision the Start layout using a LayoutModification.xml file. This file supports several mechanisms to modify or replace the default Start layout and its tiles. The easiest method for creating a LayoutModification.xml file is by using the Export-StartLayout cmdlet; see [Customize and export Start layout](customize-and-export-start-layout.md) for instructions. @@ -46,7 +33,7 @@ The XML schema for `LayoutModification.xml` requires the following order for tag 1. LayoutOptions 1. DefaultLayoutOverride 1. RequiredStartGroupsCollection -1. AppendDownloadOfficeTile –OR– AppendOfficeSuite (only one Office option can be used at a time) +1. AppendDownloadOfficeTile - OR - AppendOfficeSuite (only one Office option can be used at a time) 1. AppendOfficeSuiteChoice 1. TopMFUApps 1. CustomTaskbarLayoutCollection @@ -55,16 +42,17 @@ The XML schema for `LayoutModification.xml` requires the following order for tag Comments are not supported in the `LayoutModification.xml` file. - ### Supported elements and attributes >[!NOTE] >To make sure the Start layout XML parser processes your file correctly, follow these guidelines when working with your LayoutModification.xml file: +> >- Do not leave spaces or white lines in between each element. >- Do not add comments inside the StartLayout node or any of its children elements. >- Do not add multiple rows of comments. The following table lists the supported elements and attributes for the LayoutModification.xml file. + > [!NOTE] > RequiredStartGroupsCollection and AppendGroup syntax only apply when the Import-StartLayout method is used for building and deploying Windows images. 
@@ -79,9 +67,9 @@ The following table lists the supported elements and attributes for the LayoutMo | start:Folder

Parent:
start:Group | Name (in Windows 10, version 1809 and later only)
Size
Row
Column
LocalizedNameResourcetag | Use to specify a folder of icons; can include [Tile](#start-tile), [SecondaryTile](#start-secondarytile), and [DesktopApplicationTile](#start-desktopapplicationtile). | | start:DesktopApplicationTile

Parent:
AppendGroup | DesktopApplicationID
DesktopApplicationLinkPath
Size
Row
Column | Use to specify any of the following:
- A Windows desktop application with a known AppUserModelID
- An application in a known folder with a link in a legacy Start Menu folder
- A Windows desktop application link in a legacy Start Menu folder
- A Web link tile with an associated `.url` file that is in a legacy Start Menu folder | | start:SecondaryTile

Parent:
AppendGroup | AppUserModelID
TileID
Arguments
DisplayName
Square150x150LogoUri
ShowNameOnSquare150x150Logo
ShowNameOnWide310x150Logo
Wide310x150LogoUri
BackgroundColor
ForegroundText
IsSuggestedApp
Size
Row
Column | Use to pin a Web link through a Microsoft Edge secondary tile. Note that AppUserModelID is case-sensitive. | -| TopMFUApps

Parent:
LayoutModificationTemplate | n/a | Use to add up to three default apps to the frequently used apps section in the system area.

**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | -| Tile

Parent:
TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID.

**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | -| DesktopApplicationTile

Parent:
TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID.

**Note**: Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | +| TopMFUApps

Parent:
LayoutModificationTemplate | n/a | Use to add up to three default apps to the frequently used apps section in the system area.

**Note**: Only applies to versions of Windows 10 earlier than version 1701. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | +| Tile

Parent:
TopMFUApps | AppUserModelID | Use with the TopMFUApps tags to specify an app with a known AppUserModelID.

**Note**: Only applies to versions of Windows 10 earlier than version 1701. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | +| DesktopApplicationTile

Parent:
TopMFUApps | LinkFilePath | Use with the TopMFUApps tags to specify an app without a known AppUserModelID.

**Note**: Only applies to versions of Windows 10 earlier than version 1701. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. | | AppendOfficeSuite

Parent:
LayoutModificationTemplate | n/a | Use to add the in-box installed Office suite to Start. For more information, see [Customize the Office suite of tiles](/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles).

Don't use this tag with AppendDownloadOfficeTile. | | AppendDownloadOfficeTile

Parent:
LayoutModificationTemplate | n/a | Use to add a specific **Download Office** tile to a specific location in Start

Do not use this tag with AppendOfficeSuite | @@ -89,11 +77,11 @@ The following table lists the supported elements and attributes for the LayoutMo New devices running Windows 10 for desktop editions will default to a Start menu with two columns of tiles unless boot to tablet mode is enabled. Devices with screens that are under 10" have boot to tablet mode enabled by default. For these devices, users see the full screen Start on the desktop. You can adjust the following features: -- Boot to tablet mode can be set on or off. -- Set full screen Start on desktop to on or off. - To do this, add the LayoutOptions element in your LayoutModification.xml file and set the FullScreenStart attribute to true or false. -- Specify the number of columns in the Start menu to 1 or 2. - To do this, add the LayoutOptions element in your LayoutModification.xml file and set the StartTileGroupsColumnCount attribute to 1 or 2. +- Boot to tablet mode can be set on or off +- Set full screen Start on desktop to on or off + To do this, add the LayoutOptions element in your LayoutModification.xml file and set the FullScreenStart attribute to true or false +- Specify the number of columns in the Start menu to 1 or 2 + To do this, add the LayoutOptions element in your LayoutModification.xml file and set the StartTileGroupsColumnCount attribute to 1 or 2 The following example shows how to use the LayoutOptions element to specify full screen Start on the desktop and to use one column in the Start menu: 
@@ -117,33 +105,33 @@ For devices being upgraded to Windows 10 for desktop editions: ### RequiredStartGroups -The **RequiredStartGroups** tag contains **AppendGroup** tags that represent groups that you can append to the default Start layout. +The **RequiredStartGroups** tag contains **AppendGroup** tags that represent groups that you can append to the default Start layout. >[!IMPORTANT] ->For Windows 10 for desktop editions, you can add a maximum of two (2) **AppendGroup** tags per **RequiredStartGroups** tag. +>For Windows 10 for desktop editions, you can add a maximum of two (2) **AppendGroup** tags per **RequiredStartGroups** tag. -You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you're using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example: +You can also assign regions to the append groups in the **RequiredStartGroups** tag's using the optional **Region** attribute or you can use the multivariant capabilities in Windows provisioning. If you're using the **Region** attribute, you must use a two-letter country code to specify the country/region that the append group(s) apply to. To specify more than one country/region, use a pipe ("|") delimiter as shown in the following example: ```XML ``` -If the country/region setting for the Windows device matches a **RequiredStartGroups**, then the tiles laid out within the **RequiredStartGroups** is applied to Start. +If the country/region setting for the Windows device matches a **RequiredStartGroups**, then the tiles laid out within the **RequiredStartGroups** is applied to Start. 
If you specify a region-agnostic **RequiredStartGroups** (or one without the optional Region attribute), then the region-agnostic **RequiredStartGroups** is applied to Start. ### AppendGroup -**AppendGroup** tags specify a group of tiles that will be appended to Start. There is a maximum of two **AppendGroup** tags allowed per **RequiredStartGroups** tag. +**AppendGroup** tags specify a group of tiles that will be appended to Start. There is a maximum of two **AppendGroup** tags allowed per **RequiredStartGroups** tag. -For Windows 10 for desktop editions, AppendGroup tags contain start:Tile, start:DesktopApplicationTile, or start:SecondaryTile tags. +For Windows 10 for desktop editions, AppendGroup tags contain start:Tile, start:DesktopApplicationTile, or start:SecondaryTile tags. -You can specify any number of tiles in an **AppendGroup**, but you can't specify a tile with a **Row** attribute greater than 4. The Start layout doesn't support overlapping tiles. +You can specify any number of tiles in an **AppendGroup**, but you can't specify a tile with a **Row** attribute greater than 1. The Start layout doesn't support overlapping tiles. ### Specify Start tiles -To pin tiles to Start, partners must use the right tile depending on what you want to pin. +To pin tiles to Start, partners must use the right tile depending on what you want to pin. #### Tile size and coordinates 
@@ -165,9 +153,9 @@ For example, a tile with Size="2x2", Row="2", and Column="2" results in a tile l You can use the **start:Tile** tag to pin any of the following apps to Start: - A Universal Windows app -- A Windows 8 app or Windows 8.1 app +- A Windows 8 app or Windows 8.1 app -To specify any one of these apps, you must set the **AppUserModelID** attribute to the application user model ID that's associated with the corresponding app. +To specify any one of these apps, you must set the **AppUserModelID** attribute to the application user model ID that's associated with the corresponding app. >[!IMPORTANT] >**AppUserModelID** (AUMID) is case-sensitive. @@ -185,14 +173,14 @@ The following example shows how to pin the Microsoft Edge Universal Windows app: #### start:DesktopApplicationTile -You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop application to Start. There are two ways you can specify a Windows desktop application: +You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop application to Start. There are two ways you can specify a Windows desktop application: - Use a path to a shortcut link (.lnk file) to a Windows desktop application. >[!NOTE] >In Start layouts for Windows 10, version 1703, you should use **DesktopApplicationID** rather than **DesktopApplicationLinkPath** if you are using Group Policy or MDM to apply the start layout and the application was installed after the user's first sign-in. - To pin a Windows desktop application through this method, you must first add the .lnk file in the specified location when the device first boots. + To pin a Windows desktop application through this method, you must first add the .lnk file in the specified location when the device first boots. The following example shows how to pin the Command Prompt: 
@@ -203,17 +191,17 @@ You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop ap Row="0" Column="4"/> ``` - + + You must set the **DesktopApplicationLinkPath** attribute to the .lnk file that points to the Windows desktop application. The path also supports environment variables. If you are pointing to a third-party Windows desktop application and the layout is being applied before the first boot, you must put the .lnk file in a legacy Start Menu directory before first boot; for example, "%APPDATA%\Microsoft\Windows\Start Menu\Programs\" or the all users profile "%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\". - Use the application's application user model ID, if this is known. If the Windows desktop application doesn't have one, use the shortcut link option. - You can use the [Get-StartApps cmdlet](/powershell/module/startlayout/get-startapps) on a PC that has the application pinned to Start to obtain the app ID. - To pin a Windows desktop application through this method, you must set the **DesktopApplicationID** attribute to the application user model ID that's associated with the corresponding app. + To pin a Windows desktop application through this method, you must set the **DesktopApplicationID** attribute to the application user model ID that's associated with the corresponding app. The following example shows how to pin the File Explorer Windows desktop application: @@ -224,7 +212,6 @@ You can use the **start:DesktopApplicationTile** tag to pin a Windows desktop ap Row="0" Column="2"/> ``` - You can also use the **start:DesktopApplicationTile** tag as one of the methods for pinning a Web link to Start. The other method is to use a Microsoft Edge secondary tile. 
@@ -256,7 +243,8 @@ The following example shows how to create a tile of the Web site's URL using the TileID="MyWeblinkTile" Arguments="http://msn.com" DisplayName="MySite" - Square150x150LogoUri="ms-appx:///Assets/MicrosoftEdgeSquare150x150.png" + Square150x150LogoUri="ms-appx:///Assets/MicrosoftEdgeSquare150x150.png" + Wide310x150LogoUri="ms-appx:///Assets/MicrosoftEdgeWide310x150.png" ShowNameOnSquare150x150Logo="true" ShowNameOnWide310x150Logo="false" @@ -286,9 +274,9 @@ Secondary Microsoft Edge tiles have the same size and location behavior as a Uni #### TopMFUApps >[!NOTE] ->Only applies to versions of Windows 10 earlier than version 1709. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. +>Only applies to versions of Windows 10 earlier than version 1701. In Windows 10, version 1709, you can no longer pin apps to the Most Frequently Used apps list in Start. -You can use the **TopMFUApps** tag to add up to 3 default apps to the frequently used apps section in the system area, which delivers system-driven lists to the user including important or frequently accessed system locations and recently installed apps. +You can use the **TopMFUApps** tag to add up to 3 default apps to the frequently used apps section in the system area, which delivers system-driven lists to the user including important or frequently accessed system locations and recently installed apps. You can use this tag to add: @@ -332,7 +320,7 @@ The following example shows how to add the **AppendOfficeSuite** tag to your Lay #### AppendOfficeSuiteChoice -This tag is added in Windows 10, version 1803. You have two options in this tag: +This tag is added in Windows 10, version 1801. You have two options in this tag: - `` - `` 
@@ -343,7 +331,6 @@ Use `Choice=DesktopBridge` on devices running versions of Windows 10 earlier tha For more information, see [Customize the Office suite of tiles](/windows-hardware/customize/desktop/customize-start-layout#customize-the-office-suite-of-tiles). - #### AppendDownloadOfficeTile You can use the **AppendDownloadOfficeTile** tag to append the Office trial installer to Start. This tag adds the **Download Office** tile to Start and the download tile will appear at the bottom right-hand side of the second group. 
@@ -376,7 +363,7 @@ The following sample LayoutModification.xml shows how you can configure the Star - - + + - - + + - + + ``` ## Use Windows Provisioning multivariant support -The Windows Provisioning multivariant capability allows you to declare target conditions that, when met, supply specific customizations for each variant condition. For Start customization, you can create specific layouts for each variant that you have. To do this, you must create a separate LayoutModification.xml file for each variant that you want to support and then include these in your provisioning package. For more information on how to do this, see [Create a provisioning package with multivariant settings](./provisioning-packages/provisioning-multivariant.md). +The Windows Provisioning multivariant capability allows you to declare target conditions that, when met, supply specific customizations for each variant condition. For Start customization, you can create specific layouts for each variant that you have. To do this, you must create a separate LayoutModification.xml file for each variant that you want to support and then include these in your provisioning package. For more information on how to do this, see [Create a provisioning package with multivariant settings](../provisioning-packages/provisioning-multivariant.md). The provisioning engine chooses the right customization file based on the target conditions that were met, adds the file in the location that's specified for the setting, and then uses the specific file to customize Start. To differentiate between layouts, you can add modifiers to the LayoutModification.xml filename such as "LayoutCustomization1". Regardless of the modifier that you use, the provisioning engine will always output "LayoutCustomization.xml" so that the operating system has a consistent file name to query against. For example, if you want to ensure that there's a specific layout for a certain condition, you can: + 1. 
Create a specific layout customization file and then name it LayoutCustomization1.xml. -2. Include the file as part of your provisioning package. -3. Create your multivariant target and reference the XML file within the target condition in the main customization XML file. +1. Include the file as part of your provisioning package. +1. Create your multivariant target and reference the XML file within the target condition in the main customization XML file. The following example shows what the overall customization file might look like with multivariant support for Start: @@ -466,24 +457,37 @@ The following example shows what the overall customization file might look like - - - + + + + + + - - - 1 - 1 - 1 - - - 1 - - + + + + + 1 + + 1 + + 1 + + + + + + 1 + + + + + 
@@ -507,28 +511,17 @@ You must repeat this process for all variants that you want to support so that e ## Add the LayoutModification.xml file to the device -Once you have created your LayoutModification.xml file to customize devices that will run Windows 10 for desktop editions, you can use Windows ICD methods to add the XML file to the device. +Once you have created your LayoutModification.xml file to customize devices that will run Windows 10 for desktop editions, you can use Windows ICD methods to add the XML file to the device. 1. In the **Available customizations** pane, expand **Runtime settings**, select **Start** > Select the **StartLayout** setting. -2. In the middle pane, click **Browse** to open File Explorer. -3. In the File Explorer window, navigate to the location where you saved your LayoutModification.xml file. -4. Select the file and then click **Open**. +1. In the middle pane, click **Browse** to open File Explorer. +1. In the File Explorer window, navigate to the location where you saved your LayoutModification.xml file. + +1. Select the file and then click **Open**. This should set the value of **StartLayout**. The setting appears in the **Selected customizations** pane. >[!NOTE] ->There is currently no way to add the .url and .lnk files through Windows ICD. +>There is currently no way to add the .url and .lnk files through Windows ICD. -Once you have created the LayoutModification.xml file and it is present in the device, the system overrides the base default layout and any Unattend settings used to customize Start. 
- - -## Related topics - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Add image for secondary tiles](start-secondary-tiles.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) -- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) +Once you have created the LayoutModification.xml file and it is present in the device, the system overrides the base default layout and any Unattend settings used to customize Start. diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start/start-secondary-tiles.md similarity index 55% rename from windows/configuration/start-secondary-tiles.md rename to windows/configuration/start/start-secondary-tiles.md index e9b63e1772..60449adfba 100644 --- a/windows/configuration/start-secondary-tiles.md +++ b/windows/configuration/start/start-secondary-tiles.md 
@@ -1,22 +1,11 @@ --- -title: Add image for secondary Microsoft Edge tiles (Windows 10) +title: Add image for secondary Microsoft Edge tiles description: Add app tiles on Windows 10 that's a secondary tile. -ms.prod: windows-client -ms.localizationpriority: medium -author: lizgt2000 -ms.author: lizlong ms.topic: article -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure ms.date: 12/31/2017 --- -# Add image for secondary Microsoft Edge tiles - -**Applies to** - -- Windows 10 +# Add image for secondary Microsoft Edge tiles App tiles are the Start screen tiles that represent and launch an app. A tile that allows a user to go to a specific location in an app is a *secondary tile*. Some examples of secondary tiles include: @@ -25,7 +14,7 @@ App tiles are the Start screen tiles that represent and launch an app. A tile th - Status and updates from an important contact in a social app - A website in Microsoft Edge -In a Start layout for Windows 10, version 1703, you can include secondary tiles for Microsoft Edge that display a custom image, rather than a tile with the standard Microsoft Edge logo. +In a Start layout for Windows 10, version 1703, you can include secondary tiles for Microsoft Edge that display a custom image, rather than a tile with the standard Microsoft Edge logo. Suppose that the [Start layout that you export](customize-and-export-start-layout.md) had two secondary tiles, such as in the following image: 
@@ -41,27 +30,38 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE **Example of secondary tiles in XML generated by Export-StartLayout** - ```xml - ``` ## Export Start layout and assets 1. Follow the instructions in [Customize and export Start layout](customize-and-export-start-layout.md#customize-the-start-screen-on-your-test-computer) to customize the Start screen on your test computer. -2. Open Windows PowerShell as an administrator and enter the following command: +1. Open Windows PowerShell as an administrator and enter the following command: ```powershell Export-StartLayout -path .xml @@ -71,12 +71,14 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet doesn't append the file name extension, and the policy settings require the extension. -3. If you’d like to change the image for a secondary tile to your own custom image, open the layout.xml file, and look for the images that the tile references. - - For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"` +1. If you'd like to change the image for a secondary tile to your own custom image, open the layout.xml file, and look for the images that the tile references. + - For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"` + - Open `C:\Users\\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState\PinnedTiles\21581260870\` and replace those images with your customized images. -4. In Windows PowerShell, enter the following command: - +1. In Windows PowerShell, enter the following command: + + ```powershell Export-StartLayoutEdgeAssets assets.xml ``` 
@@ -90,139 +92,124 @@ You can apply the customized Start layout with images for secondary tiles by usi In Microsoft Intune, you create a device restrictions policy to apply to device group. For other MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`. 1. Sign in to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Devices** > **Configuration profiles** > **Create profile**. -3. Enter the following properties: +1. Select **Devices** > **Configuration profiles** > **Create profile**. +1. Enter the following properties: - **Platform**: Select **Windows 10 and later**. - **Profile**: Select **Templates** > **Device restrictions**. -4. Select **Create**. -5. In **Basics**, enter the following properties: +1. Select **Create**. +1. In **Basics**, enter the following properties: - **Name**: Enter a descriptive name for the policy. Name your policies so you can easily identify them later. - **Description**: Enter a description for the policy. This setting is optional, but recommended. -6. Select **Next**. +1. Select **Next**. -7. In **Configuration settings**, select **Start**. Configure the following properties: +1. In **Configuration settings**, select **Start**. Configure the following properties: - **Start menu layout**: Browse to, and select your Start layout XML file. - **Pin websites to tiles in Start menu**: Browse to, and select your assets XML file. There are more Start menu settings you can configure. For more information on these settings, see [Start settings in Intune](/intune/device-restrictions-windows-10#start) -8. Select **Next**. -9. In **Scope tags** (optional), assign a tag to filter the profile to specific IT groups, such as `US-NC IT Team` or `JohnGlenn_ITDepartment`. 
For more information about scope tags, see [Use RBAC and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags). +1. Select **Next**. +1. In **Scope tags** (optional), assign a tag to filter the profile to specific IT groups, such as `US-NC IT Team` or `JohnGlenn_ITDepartment`. For more information about scope tags, see [Use RBAC and scope tags for distributed IT](/mem/intune/fundamentals/scope-tags). Select **Next**. -10. In **Assignments**, select the users or groups that will receive your profile. For more information on assigning profiles, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). +1. In **Assignments**, select the users or groups that will receive your profile. For more information on assigning profiles, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). Select **Next**. -11. In **Review + create**, review your settings. When you select **Create**, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list. +1. In **Review + create**, review your settings. When you select **Create**, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list. ### Using a provisioning package #### Prepare the Start layout and Edge assets XML files -The **export-StartLayout** and **export-StartLayoutEdgeAssets** cmdlets produce XML files. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout and Edge assets sections to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout and Edge assets sections to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters. - - +The **export-StartLayout** and **export-StartLayoutEdgeAssets** cmdlets produce XML files. 
Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout and Edge assets sections to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout and Edge assets sections to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters. 1. Copy the contents of layout.xml into an online tool that escapes characters. -2. Copy the contents of assets.xml into an online tool that escapes characters. +1. Copy the contents of assets.xml into an online tool that escapes characters. -3. When you create a provisioning package, you'll copy the text with the escape characters and paste it in the customizations.xml file for your project. +1. When you create a provisioning package, you'll copy the text with the escape characters and paste it in the customizations.xml file for your project. #### Create a provisioning package that contains a customized Start layout -Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md) +Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](../provisioning-packages/provisioning-install-icd.md) >[!IMPORTANT] >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. 1. Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). -2. 
Choose **Advanced provisioning**. +1. Choose **Advanced provisioning**. -3. Name your project, and select **Next**. +1. Name your project, and select **Next**. -4. Choose **All Windows desktop editions** and select **Next**. +1. Choose **All Windows desktop editions** and select **Next**. -5. On **New project**, select **Finish**. The workspace for your package opens. +1. On **New project**, select **Finish**. The workspace for your package opens. -6. Expand **Runtime settings** > **Policies** > **Start**, and select **StartLayout**. +1. Expand **Runtime settings** > **Policies** > **Start**, and select **StartLayout**. >[!TIP] - >If **Start** is not listed, check the type of settings you selected in step 4. You must create the project using settings for **All Windows desktop editions**. + >If **Start** is not listed, check the type of settings you selected in step 1. You must create the project using settings for **All Windows desktop editions**. -7. Enter **layout.xml**. This value creates a placeholder in the customizations.xml file that you'll replace with the contents of the layout.xml file in a later step. +1. Enter **layout.xml**. This value creates a placeholder in the customizations.xml file that you'll replace with the contents of the layout.xml file in a later step. -8. In the **Available customizations** pane, select **ImportEdgeAssets**. +1. In the **Available customizations** pane, select **ImportEdgeAssets**. -9. Enter **assets.xml**. This value creates a placeholder in the customizations.xml file that you'll replace with the contents of the assets.xml file in a later step. +1. Enter **assets.xml**. This value creates a placeholder in the customizations.xml file that you'll replace with the contents of the assets.xml file in a later step. -10. Save your project and close Windows Configuration Designer. +1. Save your project and close Windows Configuration Designer. -11. In File Explorer, open the project's directory. 
(The default location is C:\Users\\*user name*\Documents\Windows Imaging and Configuration Designer (WICD)\\*project name*) +1. In File Explorer, open the project's directory. (The default location is C:\Users\\*user name*\Documents\Windows Imaging and Configuration Designer (WICD)\\*project name*) -12. Open the customizations.xml file in a text editor. The **<Customizations>** section will look like this: +1. Open the customizations.xml file in a text editor. The **<Customizations>** section will look like this: ![Customizations file with the placeholder text to replace highlighted.](images/customization-start-edge.png) -13. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape). +1. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape). -14. Replace **assets.xml** with the text from the assets.xml file, [with markup characters replaced with escape characters](#escape). +1. Replace **assets.xml** with the text from the assets.xml file, [with markup characters replaced with escape characters](#escape). -15. Save and close the customizations.xml file. +1. Save and close the customizations.xml file. -16. Open Windows Configuration Designer and open your project. +1. Open Windows Configuration Designer and open your project. -17. On the **File** menu, select **Save.** +1. On the **File** menu, select **Save.** -18. On the **Export** menu, select **Provisioning package**. +1. On the **Export** menu, select **Provisioning package**. -19. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** +1. 
Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** -20. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. +1. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. + - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. + - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. -21. Select **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. +1. Select **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. Optionally, you can select **Browse** to change the default output location. -22. Select **Next**. +1. Select **Next**. -23. Select **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. +1. 
Select **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. If you need to cancel the build, select **Cancel**. It cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. -24. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. +1. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - If you choose, you can build the provisioning package again and pick a different path for the output package. To change the path, select **Back** to change the output package name and path, and then select **Next** to start another build. - - If you're done, select **Finish** to close the wizard and go back to the **Customizations Page**. - -25. Copy the provisioning package to the target device. - -26. Double-click the ppkg file and allow it to install. 
- -## Related articles - -- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) -- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) + - If you choose, you can build the provisioning package again and pick a different path for the output package. To change the path, select **Back** to change the output package name and path, and then select **Next** to start another build. + - If you're done, select **Finish** to close the wizard and go back to the **Customizations Page**. +1. Copy the provisioning package to the target device. +1. Double-click the ppkg file and allow it to install. diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/start/supported-csp-start-menu-layout-windows.md similarity index 91% rename from windows/configuration/supported-csp-start-menu-layout-windows.md rename to windows/configuration/start/supported-csp-start-menu-layout-windows.md index d079399d4b..fcc05cbe55 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/start/supported-csp-start-menu-layout-windows.md 
@@ -1,24 +1,14 @@ --- title: Supported CSP policies to customize Start menu on Windows 11 | Microsoft Docs description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Start menu. -manager: aaroncz -ms.author: lizlong -ms.reviewer: ericpapa -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium -ms.technology: itpro-configure ms.date: 12/31/2017 ms.topic: article +appliesto: +- ✅ Windows 11 --- # Supported configuration service provider (CSP) policies for Windows 11 Start menu -**Applies to**: - -- Windows 11 -- Windows 11, version 22H2 - The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices. This article lists the CSPs that are available to customize the Start menu for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start). For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference). 
@@ -49,7 +39,7 @@ For information on customizing the Start menu layout using policy, see [Customiz - [Start/HideUserTile](/windows/client-management/mdm/policy-csp-start#start-hideusertile) - [Start/HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) - [Start/NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#start-nopinningtotaskbar) -- **Start/ShowOrHideMostUsedApps**: New policy starting with Windows 11. This policy enforces always showing Most Used Apps, or always hiding Most Used Apps in the Start menu. If you use this policy, the [Start/HideFrequentlyUsedApps](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) policy is ignored. +- **Start/ShowOrHideMostUsedApps**: New policy starting with Windows 1. This policy enforces always showing Most Used Apps, or always hiding Most Used Apps in the Start menu. If you use this policy, the [Start/HideFrequentlyUsedApps](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) policy is ignored. The [Start/HideFrequentlyUsedApps](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) policy enforces hiding Most Used Apps on the Start menu. You can't use this policy to enforce always showing Most Used Apps on the Start menu. @@ -64,7 +54,8 @@ For information on customizing the Start menu layout using policy, see [Customiz - [Start/HideRecentlyAddedApps](/windows/client-management/mdm/policy-csp-start#start-hiderecentlyaddedapps) - Group policy: `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove "Recently added" list from Start Menu` - + + > [!NOTE] > The following two policies are supported starting in Windows 11, version 22H2 
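Review bot: The added `Start/ShowOrHideMostUsedApps` bullet says "New policy starting with Windows 1", where the line it replaces said "Windows 11". The same kind of digit damage appears in two later hunks: `windows-10-start-layout-options-and-policies.md` now says taskbar MDM support was added in "version 1701" (was 1703), and `stop-employees-from-using-microsoft-store.md` now says the Group Policy method is not supported on Windows 10 Pro "starting with version 151" (was 1511). These look like side effects of the ordered-list renumbering to `1.` done elsewhere in this commit, though that is inferred from the pattern rather than shown. The Store one matters most, because administrators use that note to decide whether the Group Policy block applies to their Pro devices. Restore the original values: `Windows 11`, `version 1703` and `version 1511`.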
@@ -74,6 +65,7 @@ For information on customizing the Start menu layout using policy, see [Customiz - `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove All Programs list from the Start menu` - [Start/DisableContextMenus](/windows/client-management/mdm/policy-csp-start#start-disablecontextmenus) - - Group policy: + - Group policy: + - `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Disable context menus in the Start Menu` - `User Configuration\Administrative Templates\Start Menu and Taskbar\Disable context menus in the Start Menu` diff --git a/windows/configuration/start/toc.yml b/windows/configuration/start/toc.yml new file mode 100644 index 0000000000..649a679653 --- /dev/null +++ b/windows/configuration/start/toc.yml @@ -0,0 +1,23 @@ +items: +- name: Customizethe Start menu in Windows 11 + href: customize-start-menu-layout-windows-11.md +- name: Supported Start menu CSPs + href: supported-csp-start-menu-layout-windows.md +- name: Start layout and taskbar + href: windows-10-start-layout-options-and-policies.md +- name: Use XML + items: + - name: Customize and export Start layout + href: customize-and-export-start-layout.md + - name: Add image for secondary Microsoft Edge tiles + href: start-secondary-tiles.md + - name: Start layout XML for Windows 10 desktop editions (reference) + href: start-layout-xml-desktop.md +- name: Use group policy + href: customize-windows-10-start-screens-by-using-group-policy.md +- name: Use provisioning packages + href: customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +- name: Use mobile device management (MDM) + href: customize-windows-10-start-screens-by-using-mobile-device-management.md +- name: Troubleshoot Start menu errors + href: /troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors 
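Review bot: The first entry of the new `start/toc.yml` is missing a space in its title, `name: Customizethe Start menu in Windows 11`, which will presumably show up as-is in the navigation. It should be `- name: Customize the Start menu in Windows 11`. The relative `href` values also assume that `customize-start-menu-layout-windows-11.md`, `start-secondary-tiles.md` and the other targets now live under `start/`. Those renames are not visible in this part of the diff, so confirm them before merging.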
diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/start/windows-10-start-layout-options-and-policies.md similarity index 88% rename from windows/configuration/windows-10-start-layout-options-and-policies.md rename to windows/configuration/start/windows-10-start-layout-options-and-policies.md index 2603aa56ac..6bc1b415c5 100644 --- a/windows/configuration/windows-10-start-layout-options-and-policies.md +++ b/windows/configuration/start/windows-10-start-layout-options-and-policies.md @@ -1,20 +1,12 @@ --- title: Customize and manage the Windows 10 Start and taskbar layout description: On Windows devices, customize the start menu layout and taskbar using XML, group policy, provisioning package, or MDM policy. You can add pinned folders, add a start menu size, pin apps to the taskbar, and more. -author: lizgt2000 -ms.author: lizlong ms.topic: article ms.date: 08/05/2021 --- # Customize the Start menu and taskbar layout on Windows 10 and later devices -**Applies to**: - -- Windows 10 version 1607 and later -- Windows Server 2016 with Desktop Experience -- Windows Server 2019 with Desktop Experience - > **Looking for consumer information?** [See what's on the Start menu](https://support.microsoft.com/help/17195/windows-10-see-whats-on-the-menu) > > **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). 
@@ -22,7 +14,7 @@ ms.date: 08/05/2021 Your organization can deploy a customized Start and taskbar to Windows 10 Professional, Enterprise, or Education devices. Use a standard, customized Start layout on devices that are common to multiple users, and devices that are locked down. Configuring the taskbar allows you to pin useful apps for your users, and remove apps that are pinned by default. >[!NOTE] ->Support for applying a customized taskbar using MDM is added in Windows 10, version 1703. +>Support for applying a customized taskbar using MDM is added in Windows 10, version 1701. As administrator, you can use these features to customize Start and taskbar to meet your organization needs. This article describes the different ways you can customize Start and taskbar, and lists the Start policies. It also includes taskbar information on a clean operating system (OS) installation, and when an OS is upgraded. @@ -39,7 +31,7 @@ For more information, see [Customize and export Start layout](customize-and-expo For the **taskbar**, you can use the same XML file as the start screen. Or, you can create a new XML file. When you have the XML file, add this file to a group policy or a provisioning package. Using these methods, you can deploy the XML file to your devices. When the devices receive your policy, they'll use the taskbar settings you configured in the XML file. -For more information, see [Configure Windows 10 taskbar](configure-windows-10-taskbar.md). +For more information, see [Configure Windows 10 taskbar](../taskbar/configure-windows-10-taskbar.md). ## Use group policy 
@@ -49,7 +41,7 @@ For more information, see [Use group policy to customize Windows 10 Start and ta ## Use provisioning packages -Provisioning packages are containers that include a set of configuration settings. They're designed to configure a device quickly, without installing a new image. For more information on what provisioning packages are, and what they do, see [Provisioning packages](./provisioning-packages/provisioning-packages.md). +Provisioning packages are containers that include a set of configuration settings. They're designed to configure a device quickly, without installing a new image. For more information on what provisioning packages are, and what they do, see [Provisioning packages](../provisioning-packages/provisioning-packages.md). Using a provisioning package, you can customize the Start and taskbar. For more information, see [Use provisioning packages to customize Windows 10 Start and taskbar](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). @@ -65,7 +57,7 @@ For more information, see [Use MDM to customize Windows 10 Start and taskbar](cu ![start layout sections.](images/startannotated.png) -The following list includes the different Start options, and any policy or local settings. The settings in the list can also be used in a provisioning package. If you use a provisioning package, see the [Windows Configuration Designer reference](./wcd/wcd-policies.md#start). +The following list includes the different Start options, and any policy or local settings. The settings in the list can also be used in a provisioning package. If you use a provisioning package, see the [Windows Configuration Designer reference](../wcd/wcd-policies.md#start). - **User tile** - **Group policy**: `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove Logoff on the Start menu` 
@@ -164,7 +156,7 @@ There are three app categories that could be pinned to a taskbar: - Default Windows apps pinned during the OS installation, such as Microsoft Edge, File Explorer, and Store - Apps pinned by your organization, such as in an unattended Windows setup - In an unattended Windows setup file, it's recommended to use the [layoutmodification.xml method](configure-windows-10-taskbar.md) to configure the taskbar options. It's not recommended to use [TaskbarLinks](/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-taskbarlinks). + In an unattended Windows setup file, it's recommended to use the [layoutmodification.xml method](../taskbar/configure-windows-10-taskbar.md) to configure the taskbar options. It's not recommended to use [TaskbarLinks](/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-taskbarlinks). The following example shows how apps are pinned. In OS configured to use a right-to-left language, the taskbar order is reversed: @@ -203,7 +195,7 @@ On Windows 10 version 1607 and later, the new taskbar layout for upgrades apply - If a user didn't pin the app, and the app is in the updated layout file, then the app is pinned to the right. - New apps specified in updated layout file are pinned to right of user's pinned apps. -[Learn how to configure Windows 10 taskbar](configure-windows-10-taskbar.md). +[Learn how to configure Windows 10 taskbar](../taskbar/configure-windows-10-taskbar.md). ## Start layout configuration errors 
@@ -211,14 +203,3 @@ If your Start layout customization isn't applied as you expect, open the **Event - **Event 22**: The XML is malformed. The specified file isn't valid XML. This event can happen if the file has extra spaces or unexpected characters. Or, if the file isn't saved in the UTF8 format. - **Event 64**: The XML is valid, and has unexpected values. This event can happen when the configuration isn't understood, elements aren't in [the required order](start-layout-xml-desktop.md#required-order), or source isn't found, such as a missing or misspelled `.lnk`. - -## Next steps - -- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md) -- [Customize and export Start layout](customize-and-export-start-layout.md) -- [Add image for secondary tiles](start-secondary-tiles.md) -- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) -- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) -- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) -- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) -- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/store/stop-employees-from-using-microsoft-store.md similarity index 82% rename from windows/configuration/stop-employees-from-using-microsoft-store.md rename to windows/configuration/store/stop-employees-from-using-microsoft-store.md index 416187989e..a70a6b5922 100644 --- a/windows/configuration/stop-employees-from-using-microsoft-store.md +++ b/windows/configuration/store/stop-employees-from-using-microsoft-store.md 
@@ -1,21 +1,12 @@ --- title: Configure access to Microsoft Store description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization. -author: lizgt2000 -ms.author: lizlong ms.topic: conceptual ms.date: 11/29/2022 --- # Configure access to Microsoft Store -**Applies to:** - -- Windows 10 - -> [!TIP] -> For more info about the features and functionality that are supported in each edition of Windows, see [Compare Windows 10 Editions](https://www.microsoft.com/WindowsForBusiness/Compare). - IT pros can configure access to Microsoft Store for client computers in their organization. For some organizations, business policies require blocking access to Microsoft Store. > [!IMPORTANT] 
@@ -37,21 +28,21 @@ For more information on AppLocker, see [What is AppLocker?](/windows/device-secu 1. Enter **`secpol`** in the search bar to find and start AppLocker. -2. In the console tree of the snap-in, select **Application Control Policies**, select **AppLocker**, and then select **Packaged app Rules**. +1. In the console tree of the snap-in, select **Application Control Policies**, select **AppLocker**, and then select **Packaged app Rules**. -3. On the **Action** menu, or by right-clicking on **Packaged app Rules**, select **Create New Rule**. +1. On the **Action** menu, or by right-clicking on **Packaged app Rules**, select **Create New Rule**. -4. On **Before You Begin**, select **Next**. +1. On **Before You Begin**, select **Next**. -5. On **Permissions**, select the action (allow or deny) and the user or group that the rule should apply to, and then select **Next**. +1. On **Permissions**, select the action (allow or deny) and the user or group that the rule should apply to, and then select **Next**. -6. On **Publisher**, you can select **Use an installed app package as a reference**, and then select **Select**. +1. On **Publisher**, you can select **Use an installed app package as a reference**, and then select **Select**. -7. On **Select applications**, find and select **Store** under **Applications** column, and then select **OK**. Select **Next**. +1. On **Select applications**, find and select **Store** under **Applications** column, and then select **OK**. Select **Next**. [Create a rule for packaged apps](/windows/device-security/applocker/create-a-rule-for-packaged-apps) has more information on reference options and setting the scope on packaged app rules. -8. Optional: On **Exceptions**, specify conditions by which to exclude files from being affected by the rule. Conditions allow you to add exceptions based on the same rule reference and rule scope as you set before. Select **Next**. +1. 
Optional: On **Exceptions**, specify conditions by which to exclude files from being affected by the rule. Conditions allow you to add exceptions based on the same rule reference and rule scope as you set before. Select **Next**. ## Block Microsoft Store using configuration service provider @@ -74,7 +65,7 @@ For more information on the rules available via AppLocker on the different suppo Applies to: Windows 10 Enterprise, Windows 10 Education > [!NOTE] -> Not supported on Windows 10 Pro, starting with version 1511. For more info, see [Knowledge Base article #3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store). +> Not supported on Windows 10 Pro, starting with version 151. For more info, see [Knowledge Base article #3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store). You can also use Group Policy to manage access to Microsoft Store. 
@@ -82,11 +73,11 @@ You can also use Group Policy to manage access to Microsoft Store. 1. Enter **`gpedit`** in the search bar to find and start Group Policy Editor. -2. In the console tree of the snap-in, select **Computer Configuration**, select **Administrative Templates**, select **Windows Components**, and then select **Store**. +1. In the console tree of the snap-in, select **Computer Configuration**, select **Administrative Templates**, select **Windows Components**, and then select **Store**. -3. In the Setting pane, select **Turn off the Store application**, and then select **Edit policy setting**. +1. In the Setting pane, select **Turn off the Store application**, and then select **Edit policy setting**. -4. On the **Turn off the Store application** setting page, select **Enabled**, and then select **OK**. +1. On the **Turn off the Store application** setting page, select **Enabled**, and then select **OK**. > [!IMPORTANT] > When you enable the policy to **Turn off the Store application**, it turns off app updates from the Microsoft Store. To allow store apps to update, disable the policy to **Turn off automatic download and install of Updates**. This policy is found under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Store**. This configuration allows in-box store apps to update while still blocking access to the store. 
@@ -101,13 +92,13 @@ If you're using Microsoft Store for Business and you want employees to only see 1. Enter **`gpedit`** in the search bar, and then select **Edit group policy (Control panel)** to find and start Group Policy Editor. -2. In the console tree of the snap-in, go to **User Configuration** or **Computer Configuration** > **Administrative Templates** > **Windows Components**, and then select **Store**. +1. In the console tree of the snap-in, go to **User Configuration** or **Computer Configuration** > **Administrative Templates** > **Windows Components**, and then select **Store**. -3. Right-click **Only display the private store within the Microsoft Store app** in the right pane, and select **Edit**. +1. Right-click **Only display the private store within the Microsoft Store app** in the right pane, and select **Edit**. The **Only display the private store within the Microsoft Store app** policy settings will open. -4. On the **Only display the private store within the Microsoft Store app** setting page, select **Enabled**, and then select **OK**. +1. On the **Only display the private store within the Microsoft Store app** setting page, select **Enabled**, and then select **OK**. ## Related articles diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/taskbar/configure-windows-10-taskbar.md similarity index 82% rename from windows/configuration/configure-windows-10-taskbar.md rename to windows/configuration/taskbar/configure-windows-10-taskbar.md index 65937f4400..b9ac41035d 100644 --- a/windows/configuration/configure-windows-10-taskbar.md +++ b/windows/configuration/taskbar/configure-windows-10-taskbar.md 
@@ -1,10 +1,10 @@ --- -title: Configure Windows 10 taskbar +title: Configure Windows taskbar description: Administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file. -author: lizgt2000 -ms.author: lizlong ms.topic: how-to ms.date: 08/18/2023 +appliesto: +- ✅ Windows 10 --- # Configure Windows 10 taskbar @@ -14,7 +14,7 @@ Starting in Windows 10, version 1607, administrators can pin more apps to the ta > [!NOTE] > The only aspect of the taskbar that can currently be configured by the layout modification XML file is the layout. -You can specify different taskbar configurations based on device locale and region. There's no limit on the number of apps that you can pin. You specify apps using the [Application User Model ID (AUMID)](./find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path (the local path to the application). +You can specify different taskbar configurations based on device locale and region. There's no limit on the number of apps that you can pin. You specify apps using the [Application User Model ID (AUMID)](../kiosk/find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path (the local path to the application). If you specify an app to be pinned that isn't provisioned for the user on the computer, the pinned icon won't appear on the taskbar. 
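Review bot: The front matter of `taskbar/configure-windows-10-taskbar.md` now disagrees with the page heading: `title:` became `Configure Windows taskbar`, while the H1 in the context lines is still `# Configure Windows 10 taskbar`. The added `appliesto` lists only Windows 10, so the page is still scoped to that release. Either keep `title: Configure Windows 10 taskbar` or update the H1 to match, so the search title and the on-page heading describe the same scope.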
@@ -27,36 +27,35 @@ The following example shows how apps will be pinned: Windows default apps to the ![Windows left, user center, enterprise to the right.](images/taskbar-generic.png) - ## Configure taskbar (general) -**To configure the taskbar:** +To configure the taskbar: -1. Create the XML file. - * If you're also [customizing the Start layout](customize-and-export-start-layout.md), use `Export-StartLayout` to create the XML, and then add the `` section from [the following sample](#sample-taskbar-configuration-added-to-start-layout-xml-file) to the file. - * If you're only configuring the taskbar, use [the following sample](#sample-taskbar-configuration-xml-file) to create a layout modification XML file. -2. Edit and save the XML file. You can use [AUMID](./find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path to identify the apps to pin to the taskbar. - * Add `xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"` to the first line of the file, before the closing \>. - * Use `` and [AUMID](./find-the-application-user-model-id-of-an-installed-app.md) to pin Universal Windows Platform apps. - * Use `` and Desktop Application Link Path to pin desktop applications. -3. Apply the layout modification XML file to devices using [Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) or a [provisioning package created in Windows Imaging and Configuration Designer (Windows ICD)](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). +1. Create the XML file + - If you're also [customizing the Start layout](../start/customize-and-export-start-layout.md), use `Export-StartLayout` to create the XML, and then add the `` section from [the following sample](#sample-taskbar-configuration-added-to-start-layout-xml-file) to the file. 
+ - If you're only configuring the taskbar, use [the following sample](#sample-taskbar-configuration-xml-file) to create a layout modification XML file +1. Edit and save the XML file. You can use [AUMID](../kiosk/find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path to identify the apps to pin to the taskbar + - Add `xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout"` to the first line of the file, before the closing \>. + - Use `` and [AUMID](../kiosk/find-the-application-user-model-id-of-an-installed-app.md) to pin Universal Windows Platform apps + - Use `` and Desktop Application Link Path to pin desktop applications +1. Apply the layout modification XML file to devices using [Group Policy](../start/customize-windows-10-start-screens-by-using-group-policy.md) or a [provisioning package created in Windows Imaging and Configuration Designer (Windows ICD)](../start/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). >[!IMPORTANT] >If you use a provisioning package or import-startlayout to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user then unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration that allows users to make changes that will persist, apply your configuration by using Group Policy. > ->If you use Group Policy and your configuration only contains a taskbar layout, the default Windows tile layout will be applied and cannot be changed by users. If you use Group Policy and your configuration includes taskbar and a full Start layout, users can only make changes to the taskbar. 
If you use Group Policy and your configuration includes taskbar and a [partial Start layout](.//customize-and-export-start-layout.md#configure-a-partial-start-layout), users can make changes to the taskbar and to tile groups not defined in the partial Start layout. +>If you use Group Policy and your configuration only contains a taskbar layout, the default Windows tile layout will be applied and cannot be changed by users. If you use Group Policy and your configuration includes taskbar and a full Start layout, users can only make changes to the taskbar. If you use Group Policy and your configuration includes taskbar and a [partial Start layout](../start/customize-and-export-start-layout.md#configure-a-partial-start-layout), users can make changes to the taskbar and to tile groups not defined in the partial Start layout. ### Tips for finding AUMID and Desktop Application Link Path -In the layout modification XML file, you'll need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path. +In the layout modification XML file, you'll need to add entries for applications in the XML markup. In order to pin an application, you need either its AUMID or Desktop Application Link Path. The easiest way to find this data for an application is to: -1. Pin the application to the Start menu on a reference or testing PC. -2. Open Windows PowerShell and run the `Export-StartLayout` cmdlet. -3. Open the generated XML file. -4. Look for an entry corresponding to the app you pinned. -5. Look for a property labeled `AppUserModelID` or `DesktopApplicationLinkPath`. +1. Pin the application to the Start menu on a reference or testing PC +1. Open Windows PowerShell and run the `Export-StartLayout` cmdlet +1. Open the generated XML file +1. Look for an entry corresponding to the app you pinned +1. 
Look for a property labeled `AppUserModelID` or `DesktopApplicationLinkPath` ### Sample taskbar configuration XML file @@ -78,6 +77,7 @@ The easiest way to find this data for an application is to: ``` + ### Sample taskbar configuration added to Start layout XML file ```xml @@ -96,7 +96,8 @@ The easiest way to find this data for an application is to: - + +
@@ -134,6 +135,7 @@ The `` section will append listed apps to the tas ``` + **Before:** ![default apps pinned to taskbar.](images/taskbar-default.png) @@ -167,6 +169,7 @@ If you only want to remove some of the default pinned apps, you would use this m
``` + **Before:** ![Taskbar with default apps.](images/taskbar-default.png) @@ -179,7 +182,6 @@ If you only want to remove some of the default pinned apps, you would use this m By adding `PinListPlacement="Replace"` to ``, you remove all default pinned apps. - ```xml `, you ## Configure taskbar by country or region -The following example shows you how to configure taskbars by country or region. When the layout is applied to a computer, if there's no `` node with a region tag for the current region, the first `` node that has no specified region will be applied. When you specify one or more countries or regions in a `` node, the specified apps are pinned on computers configured for any of the specified countries or regions. +The following example shows you how to configure taskbars by country or region. When the layout is applied to a computer, if there's no `` node with a region tag for the current region, the first `` node that has no specified region will be applied. When you specify one or more countries or regions in a `` node, the specified apps are pinned on computers configured for any of the specified countries or regions. ```xml @@ -254,13 +256,9 @@ The resulting taskbar for computers in any other country region: ![taskbar for all other regions.](images/taskbar-region-other.png) - > [!NOTE] > [Look up country and region codes (use the ISO Short column)](/previous-versions/commerce-server/ee799297(v=cs.20)) - - - ## Layout Modification Template schema definition ```xml 
@@ -310,21 +308,3 @@ The resulting taskbar for computers in any other country region: ``` - -## Related topics - -[Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md) - -[Customize and export Start layout](customize-and-export-start-layout.md) - -[Add image for secondary tiles](start-secondary-tiles.md) - -[Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md) - -[Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) - -[Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) - -[Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md) - -[Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md) diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/taskbar/customize-taskbar-windows-11.md similarity index 88% rename from windows/configuration/customize-taskbar-windows-11.md rename to windows/configuration/taskbar/customize-taskbar-windows-11.md index 72a4298b7c..6af8ef100f 100644 --- a/windows/configuration/customize-taskbar-windows-11.md +++ b/windows/configuration/taskbar/customize-taskbar-windows-11.md 
@@ -1,25 +1,16 @@ --- title: Configure and customize Windows 11 taskbar description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Intune. See what happens to the taskbar when the Windows OS client is installed or upgraded. -manager: aaroncz -ms.author: lizlong -ms.reviewer: chataylo -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium -ms.collection: - - tier1 -ms.technology: itpro-configure ms.date: 08/17/2023 ms.topic: article +ms.collection: + - tier1 +appliesto: +- ✅ Windows 11 --- # Customize the Taskbar on Windows 11 -**Applies to**: - -- Windows 11 - > **Looking for OEM information?** See [Customize the Taskbar](/windows-hardware/customize/desktop/customize-the-windows-11-taskbar) and [Customize the Start layout](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). Your organization can deploy a customized taskbar to your Windows devices. Customizing the taskbar is common when your organization uses a common set of apps, or wants to bring attention to specific apps. You can also remove the default pinned apps. 
@@ -32,14 +23,10 @@ This article shows you how to create the XML file, add apps to the XML, and depl ## Before you begin -- There isn't a limit on the number of apps that you can pin. In the XML file, add apps using the [Application User Model ID (AUMID)](./find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path (the local path to the app). - +- There isn't a limit on the number of apps that you can pin. In the XML file, add apps using the [Application User Model ID (AUMID)](../kiosk/find-the-application-user-model-id-of-an-installed-app.md) or Desktop Application Link Path (the local path to the app). - There are some situations that an app pinned in your XML file won't be pinned in the taskbar. For example, if an app isn't approved or installed for a user, then the pinned icon won't show on the taskbar. - - The order of apps in the XML file dictates the order of pinned apps on the taskbar, from left to right, and to the right of any existing apps pinned by the user. If the OS is configured to use a right-to-left language, then the taskbar order is reversed. - -- Some classic Windows applications are packaged differently than they were in previous versions of Windows, including Notepad and File Explorer. Be sure to enter the correct AppID. For more information, see [Application User Model ID (AUMID)](./find-the-application-user-model-id-of-an-installed-app.md) and [Get the AUMID and Desktop app link path](#get-the-aumid-and-desktop-app-link-path) (in this article). - +- Some classic Windows applications are packaged differently than they were in previous versions of Windows, including Notepad and File Explorer. Be sure to enter the correct AppID. For more information, see [Application User Model ID (AUMID)](../kiosk/find-the-application-user-model-id-of-an-installed-app.md) and [Get the AUMID and Desktop app link path](#get-the-aumid-and-desktop-app-link-path) (in this article). 
- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: 
@@ -71,23 +58,23 @@ This article shows you how to create the XML file, add apps to the XML, and depl ``` -2. In the `` node, add (or remove) the apps you want pinned. You can pin Universal Windows Platform (UWP) apps and desktop apps: +1. In the `` node, add (or remove) the apps you want pinned. You can pin Universal Windows Platform (UWP) apps and desktop apps: - - ``: Select this option for UWP apps. Add the [AUMID](./find-the-application-user-model-id-of-an-installed-app.md) of the UWP app. + - ``: Select this option for UWP apps. Add the [AUMID](../kiosk/find-the-application-user-model-id-of-an-installed-app.md) of the UWP app. - ``: Select this option for desktop apps. Add the Desktop Application Link Path of the desktop app. You can pin as many apps as you want. Just keep adding them to the list. Remember, the app order in the list is the same order the apps are shown on the taskbar. For more information, see [Get the AUMID and Desktop app link path](#get-the-aumid-and-desktop-app-link-path) (in this article). -3. In the `` node, the apps you add are pinned after the default apps. If you want to remove the default apps, and only show the apps you add in the XML file, then add `PinListPlacement="Replace"`: +1. In the `` node, the apps you add are pinned after the default apps. If you want to remove the default apps, and only show the apps you add in the XML file, then add `PinListPlacement="Replace"`: - ``: Keeps the default pinned apps. After the default apps, the apps you add are pinned. - ``: Unpins the default apps. Only the apps you add are pinned. If you want to remove some of the default pinned apps, then add `PinListPlacement="Replace"`. When you add your apps to ``, include the default apps you still want pinned. -4. In the `` node, use `region=" | "` to use different taskbar configurations based on the device locale and region. +1. In the `` node, use `region=" | "` to use different taskbar configurations based on the device locale and region. 
In the following XML example, two regions are added: `US|UK` and `DE|FR`: @@ -133,7 +120,7 @@ This article shows you how to create the XML file, add apps to the XML, and depl - If the `` node has a country or region, then the apps are pinned on devices configured for that country or region. - If the `` node doesn't have a region tag for the current region, then the first `` node with no region is applied. -5. Save the file, and name the file so you know what it is. For example, name the file something like `TaskbarLayoutModification.xml`. Once you have the file, it's ready to be deployed to your Windows devices. +1. Save the file, and name the file so you know what it is. For example, name the file something like `TaskbarLayoutModification.xml`. Once you have the file, it's ready to be deployed to your Windows devices. ## Use Group Policy or MDM to create and deploy a taskbar policy 
@@ -146,20 +133,20 @@ This section shows you how to deploy the XML both ways. Use the following steps to add your XML file to a group policy, and apply the policy: 1. Open your policy editor. For example, open Group Policy Management Console (GPMC) for domain-based group policies, or open `gpedit` for local policies. -2. Go to one of the following policies: +1. Go to one of the following policies: - `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout` - `User Configuration\Administrative Templates\Start Menu and Taskbar\Start Layout` -3. Double-select `Start Layout` > **Enable**. Enter the fully qualified path to your XML file, including the XML file name. You can enter a local path, like `C:\StartLayouts\TaskbarLayoutModification.xml`, or a network path, like `\\Server\Share\TaskbarLayoutModification.xml`. Be sure you enter the correct file path. If using a network share, be sure to give users read access to the XML file. If the file isn't available when the user signs in, then the taskbar isn't changed. Users can't customize the taskbar when this setting is enabled. +1. Double-select `Start Layout` > **Enable**. Enter the fully qualified path to your XML file, including the XML file name. You can enter a local path, like `C:\StartLayouts\TaskbarLayoutModification.xml`, or a network path, like `\\Server\Share\TaskbarLayoutModification.xml`. Be sure you enter the correct file path. If using a network share, be sure to give users read access to the XML file. If the file isn't available when the user signs in, then the taskbar isn't changed. Users can't customize the taskbar when this setting is enabled. 
Your policy looks like the following policy: - :::image type="content" source="./images/customize-taskbar-windows-11/start-layout-group-policy.png" alt-text="Add your taskbar layout XML file to the Start Layout policy on Windows devices."::: + :::image type="content" source="images/start-layout-group-policy.png" alt-text="Add your taskbar layout XML file to the Start Layout policy on Windows devices."::: The `User Configuration\Administrative Templates\Start Menu and Taskbar` policy includes other settings that control the taskbar. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices. -4. When you apply the policy, the taskbar includes your changes. The next time users sign in, they'll see the changes. +1. When you apply the policy, the taskbar includes your changes. The next time users sign in, they'll see the changes. For more information on using group policies, see [Implement Group Policy Objects](/training/modules/implement-group-policy-objects/). 
@@ -171,25 +158,25 @@ Use the following steps to create an Intune policy that deploys your taskbar XML 1. Sign in to the [Intune admin center](https://go.microsoft.com/fwlink/?linkid=2109431). -2. Select **Devices** > **Configuration profiles** > **Create profile**. +1. Select **Devices** > **Configuration profiles** > **Create profile**. -3. Enter the following properties: +1. Enter the following properties: - **Platform**: Select **Windows 10 and later**. - **Profile type**: Select **Templates** > **Device restrictions** > **Create**. -4. In **Basics**, enter the following properties: +1. In **Basics**, enter the following properties: - **Name**: Enter a descriptive name for the profile. Name your profiles so you can easily identify it later. For example, a good profile name is **Win11: Custom taskbar**. - **Description**: Enter a description for the profile. This setting is optional, and recommended. -5. Select **Next**. +1. Select **Next**. -6. In **Configuration settings**, select **Start** > **Start menu layout**. Browse to, and select your taskbar XML file. +1. In **Configuration settings**, select **Start** > **Start menu layout**. Browse to, and select your taskbar XML file. -7. Select **Next**, and configure the rest of the policy settings. For more specific information, see [Configure device restriction settings](/mem/intune/configuration/device-restrictions-configure). +1. Select **Next**, and configure the rest of the policy settings. For more specific information, see [Configure device restriction settings](/mem/intune/configuration/device-restrictions-configure). -8. When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized taskbar, the policy can also be deployed before users sign in the first time. +1. When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized taskbar, the policy can also be deployed before users sign in the first time. 
For more information and guidance on assigning policies using Microsoft Intune, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). @@ -201,14 +188,14 @@ Use the following steps to create an Intune policy that deploys your taskbar XML In the layout modification XML file, you add apps in the XML markup. To pin an app, you enter the AUMID or Desktop Application Link Path. The easiest way to find this app information is to use the [Export-StartLayout](/powershell/module/startlayout/export-startlayout) Windows PowerShell cmdlet: 1. On an existing Windows 11 device, pin the app to the Start menu. -2. Create a folder to save an output file. For example, create the `C:\Layouts` folder. -3. Open the Windows PowerShell app, and run the following cmdlet: +1. Create a folder to save an output file. For example, create the `C:\Layouts` folder. +1. Open the Windows PowerShell app, and run the following cmdlet: ```powershell Export-StartLayout -Path "C:\Layouts\GetIDorPath.xml" ``` -4. Open the generated GetIDorPath.xml file, and look for the app you pinned. When you find the app, get the AppID or Path. Add these properties to your XML file. +1. Open the generated GetIDorPath.xml file, and look for the app you pinned. When you find the app, get the AppID or Path. Add these properties to your XML file. ## Pin order for all apps @@ -223,8 +210,8 @@ On a taskbar, the following apps are typically pinned: Apps are pinned in the following order: 1. Windows default apps are pinned first. -2. User-pinned apps are pinned after the Windows default apps. -3. XML-pinned apps are pinned after the user-pinned apps. +1. User-pinned apps are pinned after the Windows default apps. +1. XML-pinned apps are pinned after the user-pinned apps. If the OS is configured to use a right-to-left language, then the taskbar order is reversed. 
diff --git a/windows/configuration/images/customize-taskbar-windows-11/start-layout-group-policy.png b/windows/configuration/taskbar/images/start-layout-group-policy.png
similarity index 100%
rename from windows/configuration/images/customize-taskbar-windows-11/start-layout-group-policy.png
rename to windows/configuration/taskbar/images/start-layout-group-policy.png
diff --git a/windows/configuration/images/taskbar-default-plus.png b/windows/configuration/taskbar/images/taskbar-default-plus.png
similarity index 100%
rename from windows/configuration/images/taskbar-default-plus.png
rename to windows/configuration/taskbar/images/taskbar-default-plus.png
diff --git a/windows/configuration/images/taskbar-default-removed.png b/windows/configuration/taskbar/images/taskbar-default-removed.png
similarity index 100%
rename from windows/configuration/images/taskbar-default-removed.png
rename to windows/configuration/taskbar/images/taskbar-default-removed.png
diff --git a/windows/configuration/images/taskbar-default.png b/windows/configuration/taskbar/images/taskbar-default.png
similarity index 100%
rename from windows/configuration/images/taskbar-default.png
rename to windows/configuration/taskbar/images/taskbar-default.png
diff --git a/windows/configuration/taskbar/images/taskbar-generic.png b/windows/configuration/taskbar/images/taskbar-generic.png
new file mode 100644
index 0000000000..6d47a6795a
Binary files /dev/null and b/windows/configuration/taskbar/images/taskbar-generic.png differ
diff --git a/windows/configuration/images/taskbar-region-defr.png b/windows/configuration/taskbar/images/taskbar-region-defr.png
similarity index 100%
rename from windows/configuration/images/taskbar-region-defr.png
rename to windows/configuration/taskbar/images/taskbar-region-defr.png
diff --git a/windows/configuration/images/taskbar-region-other.png b/windows/configuration/taskbar/images/taskbar-region-other.png
similarity index 100%
rename from windows/configuration/images/taskbar-region-other.png
rename to windows/configuration/taskbar/images/taskbar-region-other.png
diff --git a/windows/configuration/images/taskbar-region-usuk.png b/windows/configuration/taskbar/images/taskbar-region-usuk.png
similarity index 100%
rename from windows/configuration/images/taskbar-region-usuk.png
rename to windows/configuration/taskbar/images/taskbar-region-usuk.png
diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/taskbar/supported-csp-taskbar-windows.md
similarity index 81%
rename from windows/configuration/supported-csp-taskbar-windows.md
rename to windows/configuration/taskbar/supported-csp-taskbar-windows.md
index a24ff5885a..b4f8a0c732 100644
--- a/windows/configuration/supported-csp-taskbar-windows.md
+++ b/windows/configuration/taskbar/supported-csp-taskbar-windows.md
@@ -1,82 +1,73 @@ --- -title: Supported CSP policies to customize the Taskbar on Windows 11 | Microsoft Docs +title: Supported CSP policies to customize the Taskbar on Windows 11 description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Taskbar. -manager: aaroncz -ms.author: lizlong -ms.reviewer: chataylo -ms.prod: windows-client -author: lizgt2000 -ms.localizationpriority: medium -ms.technology: itpro-configure ms.date: 12/31/2017 ms.topic: article ---- +appliesto: +- ✅ Windows 11 +--- -# Supported configuration service provider (CSP) policies for Windows 11 taskbar +# Supported configuration service provider (CSP) policies for Windows 11 taskbar -**Applies to**: +The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). In an MDM policy, these CSPs are settings that you configure. When the policy is ready, you deploy the policy to your devices. This article lists the CSPs that are available to customize the Taskbar for Windows 11 devices. -- Windows 11 +For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference). -The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). In an MDM policy, these CSPs are settings that you configure. When the policy is ready, you deploy the policy to your devices. This article lists the CSPs that are available to customize the Taskbar for Windows 11 devices. - -For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference). 
- -## CSP policies to customize Windows 11 taskbar buttons +## CSP policies to customize Windows 11 taskbar buttons - [Search/ConfigureSearchOnTaskbarMode](/windows/client-management/mdm/policy-csp-search#configuresearchontaskbarmode) - Group policy: `Computer Configuration\Administrative Templates\Windows Components\Search\Configures search on the taskbar` - - Local setting: Settings > Personalization > Taskbar > Search + - Local setting: Settings > Personalization > Taskbar > Search - [Start/HideTaskViewButton](/windows/client-management/mdm/policy-csp-start#hidetaskviewbutton) - Group policy: `Computer and User Configuration\Administrative Templates\Start Menu and Taskbar\Hide the TaskView button` - - Local setting: Settings > Personalization > Taskbar > Task view + - Local setting: Settings > Personalization > Taskbar > Task view - [NewsAndInterests/AllowNewsAndInterests](/windows/client-management/mdm/policy-csp-newsandinterests#allownewsandinterests) - Group policy: `Computer Configuration\Administrative Templates\Windows Components\Widgets\Allow widgets` - - Local setting: Settings > Personalization > Taskbar > Widgets + - Local setting: Settings > Personalization > Taskbar > Widgets - [Experience/ConfigureChatIcon](/windows/client-management/mdm/policy-csp-experience#configurechaticonvisibilityonthetaskbar) - Group policy: `Computer Configuration\Administrative Templates\Windows Components\Chat\Configure the Chat icon setting` - - Local setting: Settings > Personalization > Taskbar > Chat + - Local setting: Settings > Personalization > Taskbar > Chat -## Existing CSP policies that Windows 11 taskbar supports +## Existing CSP policies that Windows 11 taskbar supports - [Start/HideRecentJumplists](/windows/client-management/mdm/policy-csp-start#hiderecentjumplists) - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not keep history of recently opened documents` - - Local setting: Settings > Personalization > Start > Show 
recently opened items in Jump Lists on Start or the taskbar + - Local setting: Settings > Personalization > Start > Show recently opened items in Jump Lists on Start or the taskbar - [Start/NoPinningToTaskbar](/windows/client-management/mdm/policy-csp-start#nopinningtotaskbar) - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not allow pinning programs to the Taskbar` - - Local setting: None + - Local setting: None -## Existing CSP policies that Windows 11 doesn't support +## Existing CSP policies that Windows 11 doesn't support -The following list includes some of the CSP policies that aren't supported on Windows 11: +The following list includes some of the CSP policies that aren't supported on Windows 11: - [ADMX_Taskbar/TaskbarLockAll](/windows/client-management/mdm/policy-csp-admx-taskbar#taskbarlockall) - - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Lock all taskbar settings` + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Lock all taskbar settings` - [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](/windows/client-management/mdm/policy-csp-admx-taskbar#taskbarnoaddremovetoolbar) - - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from adding or removing toolbars` + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from adding or removing toolbars` - [ADMX_Taskbar/TaskbarNoDragToolbar](/windows/client-management/mdm/policy-csp-admx-taskbar#taskbarnodragtoolbar) - - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from rearranging toolbars` + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from rearranging toolbars` - [ADMX_Taskbar/TaskbarNoRedock](/windows/client-management/mdm/policy-csp-admx-taskbar#taskbarnoredock) - - Group policy: `User 
Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from moving taskbar to another screen dock location` + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from moving taskbar to another screen dock location` - [ADMX_Taskbar/TaskbarNoResize](/windows/client-management/mdm/policy-csp-admx-taskbar#taskbarnoresize) - - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from resizing the taskbar` + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent users from resizing the taskbar` - [ADMX_StartMenu/NoToolbarsOnTaskbar](/windows/client-management/mdm/policy-csp-admx-startmenu#notoolbarsontaskbar) - - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not display any custom toolbars in the taskbar` + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Do not display any custom toolbars in the taskbar` - [ADMX_StartMenu/NoTaskGrouping](/windows/client-management/mdm/policy-csp-admx-startmenu#notaskgrouping) - - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent grouping of taskbar items` + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Prevent grouping of taskbar items` - [ADMX_StartMenu/QuickLaunchEnabled](/windows/client-management/mdm/policy-csp-admx-startmenu#quicklaunchenabled) - - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Show QuickLaunch on Taskbar` + - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Show QuickLaunch on Taskbar` - [Start/HidePeopleBar](/windows/client-management/mdm/policy-csp-start#hidepeoplebar) - Group policy: `User Configuration\Administrative Templates\Start Menu and Taskbar\Remove the People Bar from the taskbar` 
diff --git a/windows/configuration/taskbar/toc.yml b/windows/configuration/taskbar/toc.yml
new file mode 100644
index 0000000000..cbe3e66b83
--- /dev/null
+++ b/windows/configuration/taskbar/toc.yml
@@ -0,0 +1,7 @@
+items:
+- name: Customize the Taskbar in Windows 11
+ href: customize-taskbar-windows-11.md
+- name: Supported Taskbar CSPs
+ href: supported-csp-taskbar-windows.md
+- name: Customize the Taskbar in Windows 10
+ href: configure-windows-10-taskbar.md
\ No newline at end of file
diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/tips/manage-tips-and-suggestions.md
similarity index 63%
rename from windows/configuration/manage-tips-and-suggestions.md
rename to windows/configuration/tips/manage-tips-and-suggestions.md
index c4f9b5a850..02b2484664 100644
--- a/windows/configuration/manage-tips-and-suggestions.md
+++ b/windows/configuration/tips/manage-tips-and-suggestions.md
@@ -1,61 +1,32 @@ --- -title: Manage Windows 10 and Microsoft Store tips, fun facts, and suggestions (Windows 10) +title: Manage Windows 10 and Microsoft Store tips, fun facts, and suggestions description: Windows 10 provides organizations with various options to manage user experiences to provide a consistent and predictable experience for employees. -ms.prod: windows-client -author: lizgt2000 -ms.author: lizlong ms.topic: article -ms.localizationpriority: medium ms.date: 09/20/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure --- # Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions +Since its inception, Windows 10 has included a number of user experience features that provide useful tips, "fun facts", and suggestions as you use Windows, as well as app suggestions from the Microsoft Store. These features are designed to help people get the most out of their Windows 10 experience by, for example, sharing new features, providing more details on the features they use, or sharing content available in the Microsoft Store. Examples of such user experiences include: -**Applies to** - -- Windows 10 - - -Since its inception, Windows 10 has included a number of user experience features that provide useful tips, "fun facts", and suggestions as you use Windows, as well as app suggestions from the Microsoft Store. These features are designed to help people get the most out of their Windows 10 experience by, for example, sharing new features, providing more details on the features they use, or sharing content available in the Microsoft Store. Examples of such user experiences include: - -* **Windows Spotlight on the lock screen**. Daily updated images on the lock screen that can include additional facts and tips in “hotspots” that are revealed on hover. - -* **Start menu app suggestions**. App suggestions in Start that recommend productivity tool or utilities from the Microsoft Store. - -* **Additional apps on Start**. 
Additional apps pre-installed on the Start screen which can enhance the user’s experience. - -* **Windows tips**. Contextual tips that appear based on specific user actions to reveal related Windows features or help users complete a scenario. - -* **Microsoft account notifications**. For users who have a connected Microsoft account, toast notifications about their account like parental control notifications or subscription expiration. +* **Windows Spotlight on the lock screen**. Daily updated images on the lock screen that can include additional facts and tips in "hotspots" that are revealed on hover. +* **Start menu app suggestions**. App suggestions in Start that recommend productivity tool or utilities from the Microsoft Store. +* **Additional apps on Start**. Additional apps pre-installed on the Start screen which can enhance the user's experience. +* **Windows tips**. Contextual tips that appear based on specific user actions to reveal related Windows features or help users complete a scenario. +* **Microsoft account notifications**. For users who have a connected Microsoft account, toast notifications about their account like parental control notifications or subscription expiration. >[!TIP] -> On all Windows desktop editions, users can directly enable and disable Windows 10 tips, "fun facts", and suggestions and Microsoft Store suggestions. For example, users are able to select personal photos for the lock screen as opposed to the images provided by Microsoft, or turn off tips, "fun facts", or suggestions as they use Windows. +> On all Windows desktop editions, users can directly enable and disable Windows 10 tips, "fun facts", and suggestions and Microsoft Store suggestions. For example, users are able to select personal photos for the lock screen as opposed to the images provided by Microsoft, or turn off tips, "fun facts", or suggestions as they use Windows. 
-Windows 10 provides organizations the ability to centrally manage the type of content provided by these features through Group Policy or mobile device management (MDM). The following table describes how administrators can manage suggestions and tips in Windows 10 commercial and education editions. +Windows 10 provides organizations the ability to centrally manage the type of content provided by these features through Group Policy or mobile device management (MDM). The following table describes how administrators can manage suggestions and tips in Windows 10 commercial and education editions. ## Options available to manage Windows 10 tips and "fun facts" and Microsoft Store suggestions -| Windows 10 edition | Disable |Show Microsoft apps only | Show Microsoft and popular third-party apps | -| --- | --- | --- | --- | -| Windows 10 Pro | No | Yes | Yes (default) | -| Windows 10 Enterprise | Yes | Yes | Yes (default) | -| Windows 10 Pro Education | Yes (default) | Yes | No (setting cannot be changed) | +| Windows 10 edition | Disable | Show Microsoft apps only | Show Microsoft and popular third-party apps | +|--|--|--|--| +| Windows 10 Pro | No | Yes | Yes (default) | +| Windows 10 Enterprise | Yes | Yes | Yes (default) | +| Windows 10 Pro Education | Yes (default) | Yes | No (setting cannot be changed) | | Windows 10 Education | Yes (default) | Yes | No (setting cannot be changed) | -[Learn more about policy settings for Windows Spotlight.](windows-spotlight.md) - -## Related topics - -- [Manage Windows 10 Start layout](windows-10-start-layout-options-and-policies.md) -- [Cortana integration in your business or enterprise](cortana-at-work/cortana-at-work-overview.md) -- [Windows spotlight on the lock screen](windows-spotlight.md) -- [Windows 10 editions for education customers](/education/windows/windows-editions-for-education-customers) - - -  - -  +[Learn more about policy settings for Windows Spotlight.](../lock-screen/windows-spotlight.md) 
diff --git a/windows/configuration/toc.yml b/windows/configuration/toc.yml
new file mode 100644
index 0000000000..ca93c8e7db
--- /dev/null
+++ b/windows/configuration/toc.yml
@@ -0,0 +1,31 @@
+items:
+- name: Configure Windows client
+ href: index.yml
+- name: Accessibility information for IT Pros
+ href: accessibility/index.md
+- name: Customize the appearance
+ items:
+ - name: Start
+ href: start/toc.yml
+ - name: Taskbar
+ href: taskbar/toc.yml
+- name: Microsoft Store
+ items:
+ - name: Configure access to the Microsoft Store
+ href: store/stop-employees-from-using-microsoft-store.md
+ - name: Manage Microsoft Store tips, "fun facts", and suggestions
+ href: tips/manage-tips-and-suggestions.md
+- name: Windows Spotlight
+ href: lock-screen/windows-spotlight.md
+- name: Cellular settings
+ href: cellular/provisioning-apn.md
+- name: Kiosks and restricted user experience
+ href: kiosk/toc.yml
+- name: Multi-user and guest devices
+ href: shared-pc/toc.yml
+- name: Use provisioning packages
+ href: provisioning-packages/toc.yml
+- name: Windows Configuration Designer reference
+ href: wcd/toc.yml
+- name: User Experience Virtualization (UE-V)
+ href: ue-v/toc.yml
\ No newline at end of file
diff --git a/windows/configuration/ue-v/toc.yml b/windows/configuration/ue-v/toc.yml
new file mode 100644
index 0000000000..8da6a3d8d4
--- /dev/null
+++ b/windows/configuration/ue-v/toc.yml
@@ -0,0 +1,65 @@
+items:
+- name: User Experience Virtualization (UE-V) for Windows 10
+ href: uev-for-windows.md
+- name: Get started with UE-V
+ items:
+ - name: Get started with UE-V
+ href: uev-getting-started.md
+ - name: What's New in UE-V for Windows 10, version 1607
+ href: uev-whats-new-in-uev-for-windows.md
+ - name: User Experience Virtualization Release Notes
+ href: uev-release-notes-1607.md
+ - name: Upgrade to UE-V for Windows 10
+ href: uev-upgrade-uev-from-previous-releases.md
+- name: Prepare a UE-V Deployment
+ items:
+ - name: Prepare a UE-V Deployment
+ href: uev-prepare-for-deployment.md
+ - name: Deploy Required UE-V Features
+ href: uev-deploy-required-features.md
+ - name: Deploy UE-V for use with Custom Applications
+ href: uev-deploy-uev-for-custom-applications.md
+- name: Administer UE-V
+ items:
+ - name: UE-V administration guide
+ href: uev-administering-uev.md
+ - name: Manage Configurations for UE-V
+ items:
+ - name: Manage Configurations for UE-V
+ href: uev-manage-configurations.md
+ - name: Configuring UE-V with Group Policy Objects
+ href: uev-configuring-uev-with-group-policy-objects.md
+ - name: Configuring UE-V with Microsoft Configuration Manager
+ href: uev-configuring-uev-with-system-center-configuration-manager.md
+ - name: Administering UE-V with Windows PowerShell and WMI
+ href: uev-administering-uev-with-windows-powershell-and-wmi.md
+ - name: Managing the UE-V Service and Packages with Windows PowerShell and WMI
+ href: uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
+ - name: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
+ href: uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
+ - name: Working with Custom UE-V Templates and the UE-V Template Generator
+ href: uev-working-with-custom-templates-and-the-uev-generator.md
+ - name: Manage Administrative Backup and Restore in UE-V
+ href: uev-manage-administrative-backup-and-restore.md
+ - name: Changing the Frequency of UE-V Scheduled Tasks
+ href: uev-changing-the-frequency-of-scheduled-tasks.md
+ - name: Migrating UE-V Settings Packages
+ href: uev-migrating-settings-packages.md
+ - name: Using UE-V with Application Virtualization Applications
+ href: uev-using-uev-with-application-virtualization-applications.md
+- name: Troubleshooting UE-V
+ href: uev-troubleshooting.md
+- name: Technical Reference for UE-V
+ items:
+ - name: Technical Reference for UE-V
+ href: uev-technical-reference.md
+ - name: Sync Methods for UE-V
+ href: uev-sync-methods.md
+ - name: Sync Trigger Events for UE-V
+ href: uev-sync-trigger-events.md
+ - name: Synchronizing Microsoft Office with UE-V
+ href: uev-synchronizing-microsoft-office-with-uev.md
+ - name: Application Template Schema Reference for UE-V
+ href: uev-application-template-schema-reference.md
+ - name: Security Considerations for UE-V
+ href: uev-security-considerations.md
diff --git a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
index 9c048c2cf5..1c79ab5948 100644
--- a/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
+++ b/windows/configuration/ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -1,27 +1,17 @@ --- title: Administering UE-V with Windows PowerShell and WMI description: Learn how User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Administering UE-V with Windows PowerShell and WMI -**Applies to** -- Windows 10, version 1607 - User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks. The following sections provide more information about using Windows PowerShell in UE-V. -> **Note**  Administering UE-V with Windows PowerShell requires PowerShell 3.0 or higher. For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](/powershell/module/uev/). +> [!NOTE] +> +> Administering UE-V with Windows PowerShell requires PowerShell 3.0 or higher. For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](/powershell/module/uev/). ## Managing the UE-V service and packages by using Windows PowerShell and WMI 
@@ -31,17 +21,6 @@ You can use Windows PowerShell and Windows Management Instrumentation (WMI) to m ## Managing UE-V settings location templates by using Windows PowerShell and WMI - After you create and deploy UE-V settings location templates, you can manage those templates by using Windows PowerShell or WMI. The following topic describes how to manage the settings location templates by using Windows PowerShell and WMI. [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md) - - - - - -## Related topics - -- [Administering UE-V](uev-administering-uev.md) - -- [User Experience Virtualization in Windows PowerShell](/powershell/module/uev/) diff --git a/windows/configuration/ue-v/uev-administering-uev.md b/windows/configuration/ue-v/uev-administering-uev.md index 627039a508..40669d9a7a 100644 --- a/windows/configuration/ue-v/uev-administering-uev.md +++ b/windows/configuration/ue-v/uev-administering-uev.md 
@@ -1,81 +1,55 @@ --- title: Administering UE-V description: Learn how to perform administrative tasks for User Experience Virtualization (UE-V). These tasks include configuring the UE-V service and recovering lost settings. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Administering UE-V -**Applies to** -- Windows 10, version 1607 - After you finish deploying User Experience Virtualization (UE-V), you'll perform ongoing administrative tasks, such as managing the configuration of the UE-V service and recovering lost settings. These tasks are explained in the following sections. ## Managing UE-V configurations - In the course of the UE-V lifecycle, you'll manage the configuration of the UE-V service and also manage storage locations for resources such as settings package files. [Manage Configurations for UE-V](uev-manage-configurations.md) ## Working with custom UE-V templates and the UE-V template generator - This topic explains how to use the UE-V template generator and manage custom settings location templates. [Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md) ## Back up and restore application and Windows settings that are synchronized with UE-V - Windows Management Instrumentation (WMI) and Windows PowerShell features of UE-V allow you to restore settings packages. By using WMI and Windows PowerShell commands, you can restore application and Windows settings to their original state and restore other settings when a user adopts a new device. 
[Manage Administrative Backup and Restore in UE-V](uev-manage-administrative-backup-and-restore.md) ## Changing the frequency of UE-V scheduled tasks - You can configure the scheduled tasks that manage when UE-V checks for new or updated settings or for updated custom settings location templates in the settings template catalog. [Changing the Frequency of UE-V Scheduled Tasks](uev-changing-the-frequency-of-scheduled-tasks.md) ## Migrating UE-V settings packages - You can relocate the user settings packages either when they migrate to a new server or for backup purposes. [Migrating UE-V Settings Packages](uev-migrating-settings-packages.md) ## Using UE-V with Application Virtualization applications - You can use UE-V with Microsoft Application Virtualization (App-V) to share settings between virtual applications and installed applications across multiple computers. [Using UE-V with Application Virtualization Applications](uev-using-uev-with-application-virtualization-applications.md) ## Other resources for this feature - -- [User Experience Virtualization for Windows overview](uev-for-windows.md) - -- [Get Started with UE-V](uev-getting-started.md) - -- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) - -- [Troubleshooting UE-V](uev-troubleshooting.md) - -- [Technical Reference for UE-V](uev-technical-reference.md) - - - +- [User Experience Virtualization for Windows overview](uev-for-windows.md) +- [Get Started with UE-V](uev-getting-started.md) +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) +- [Troubleshooting UE-V](uev-troubleshooting.md) +- [Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/configuration/ue-v/uev-application-template-schema-reference.md b/windows/configuration/ue-v/uev-application-template-schema-reference.md index 21e3edd00d..33f11ea8eb 100644 --- a/windows/configuration/ue-v/uev-application-template-schema-reference.md 
+++ b/windows/configuration/ue-v/uev-application-template-schema-reference.md 
@@ -1,63 +1,38 @@ --- title: Application Template Schema Reference for UE-V description: Learn details about the XML structure of the UE-V settings location templates and learn how to edit these files. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Application Template Schema Reference for UE-V -**Applies to** -- Windows 10, version 1607 - User Experience Virtualization (UE-V) uses XML settings location templates to define the desktop application settings and Windows settings that are captured and applied by UE-V. UE-V includes a set of default settings location templates. You can also create custom settings location templates with the UE-V template generator. An advanced user can customize the XML file for a settings location template. This topic details the XML structure of the UE-V settings location templates and provides guidance for editing these files. ## UE-V Application Template Schema Reference - This section details the XML structure of the UE-V settings location template and provides guidance for editing this file. 
### In This Section -- [XML Declaration and Encoding Attribute](#xml21) - -- [Namespace and Root Element](#namespace21) - -- [Data types](#data21) - -- [Name Element](#name21) - -- [ID Element](#id21) - -- [Version Element](#version21) - -- [Author Element](#author21) - -- [Processes and Process Element](#processes21) - -- [Application Element](#application21) - -- [Common Element](#common21) - -- [SettingsLocationTemplate Element](#settingslocationtemplate21) - -- [Appendix: SettingsLocationTemplate.xsd](#appendix21) +- [XML Declaration and Encoding Attribute](#xml21) +- [Namespace and Root Element](#namespace21) +- [Data types](#data21) +- [Name Element](#name21) +- [ID Element](#id21) +- [Version Element](#version21) +- [Author Element](#author21) +- [Processes and Process Element](#processes21) +- [Application Element](#application21) +- [Common Element](#common21) +- [SettingsLocationTemplate Element](#settingslocationtemplate21) +- [Appendix: SettingsLocationTemplate.xsd](#appendix21) ### XML Declaration and Encoding Attribute **Mandatory: True** - **Type: String** The XML declaration must specify the XML version 1.0 attribute (<?xml version="1.0">). Settings location templates created by the UE-V template generator are saved in UTF-8 encoding, although the encoding isn't explicitly specified. We recommend that you include the encoding="UTF-8" attribute in this element as a best practice. All templates included with the product specify this tag as well (see the documents in %ProgramFiles%\\Microsoft User Experience Virtualization\\Templates for reference). For example: 
@@ -67,7 +42,6 @@ The XML declaration must specify the XML version 1.0 attribute (<?xml version ### Namespace and Root Element **Mandatory: True** - **Type: String** UE-V uses the `https://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate` namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag: @@ -127,7 +101,7 @@ Path is consumed by RegistrySetting and FileSetting to refer to registry and fil Recursive indicates that the path and all subfolders are included for file settings or that all child registry keys are included for registry settings. In both cases, all items at the current level are included in the data captured. For a FileSettings object, all files within the specified folder are included in the data captured by UE-V but folders aren't included. For registry paths, all values in the current path are captured but child registry keys aren't captured. In both cases, care should be taken to avoid capturing large data sets or large numbers of items. -The DeleteIfNotFound attribute removes the setting from the user’s settings storage path data. This removal may be desirable in cases where removing these settings from the package will save a large amount of disk space on the settings storage path file server. +The DeleteIfNotFound attribute removes the setting from the user's settings storage path data. This removal may be desirable in cases where removing these settings from the package will save a large amount of disk space on the settings storage path file server. **FileMask** FileMask specifies only certain file types for the folder that is defined by Path. For example, Path might be `C:\users\username\files` and FileMask could be `*.txt` to include only text files. 
@@ -144,28 +118,24 @@ Settings is a container for all the settings that apply to a particular template |Element|Description| |--- |--- | |Asynchronous|Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This element is useful for settings that can be applied asynchronously, such as those settings get/set through an API, like SystemParameterSetting.| -|PreventOverlappingSynchronization|By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those templates that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.| +|PreventOverlappingSynchronization|By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to 'false', UE-V exports the settings even if other instances of an application are running. Suited templates - those templates that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.| |AlwaysApplySettings|This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.| ### Name Element **Mandatory: True** - **Type: String** Name specifies a unique name for the settings location template. 
This name is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. In general, avoid referencing version information, as this referencing can be objected from the ProductVersion element. For example, specify `My Application` rather than `My Application 1.1`. > [!NOTE] -> UE-V does not reference external DTDs, so it's not possible to use named entities in a settings location template. For example, do not use ® to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document. +> UE-V does not reference external DTDs, so it's not possible to use named entities in a settings location template. For example, do not use ® to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document. See for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V template generator converts character entities to their Unicode representations automatically. - - ### ID Element **Mandatory: True** - **Type: String** ID populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime (for example, see the output of the Get-UevTemplate and Get-UevTemplateProgram PowerShell cmdlets). By convention, this tag shouldn't contain any spaces, which simplifies scripting. Version numbers of applications should be specified in this element to allow for easy identification of the template, such as `MicrosoftOffice2016Win64`. 
@@ -173,11 +143,8 @@ ID populates a unique identifier for a particular template. This tag becomes the ### Version Element **Mandatory: True** - **Type: Integer** - **Minimum Value: 0** - **Maximum Value: 2147483647** Version identifies the version of the settings location template for administrative tracking of changes. The UE-V template generator automatically increments this number by one each time the template is saved. Notice that this field must be a whole number integer; fractional values, such as `2.5` aren't allowed. @@ -200,18 +167,13 @@ Version identifies the version of the settings location template for administrat > [!IMPORTANT] > This value is queried to determine if a new version of a template should be applied to an existing template in these instances: -- When the scheduled Template Auto Update task executes - -- When the Update-UevTemplate PowerShell cmdlet is executed - -- When the microsoft\\uev:SettingsLocationTemplate Update method is called through WMI - - +- When the scheduled Template Auto Update task executes +- When the Update-UevTemplate PowerShell cmdlet is executed +- When the microsoft\\uev:SettingsLocationTemplate Update method is called through WMI ### Author Element **Mandatory: False** - **Type: String** Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly. 
@@ -219,7 +181,6 @@ Author identifies the creator of the settings location template. Two optional ch ### Processes and Process Element **Mandatory: True** - **Type: Element** Processes contain at least one `` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example: @@ -231,16 +192,16 @@ Processes contain at least one `` element, which in turn contains the f MyApplication MyApplication.exe - - - - + + + + - - - - + + + + ``` @@ -248,7 +209,6 @@ Processes contain at least one `` element, which in turn contains the f ### Filename **Mandatory: True** - **Type: String** Filename refers to the actual file name of the executable as it appears in the file system. This element specifies the primary criterion that UE-V uses to evaluate whether a template applies to a process or not. This element must be specified in the settings location template XML. 
@@ -262,40 +222,31 @@ Valid filenames must not match the regular expression \[^\\\\\\?\\\*\\|<>/ A value of **True** indicates that the string contains illegal characters. Here are some examples of illegal values: -- \\\\server\\share\\program.exe - -- Program\*.exe - -- Pro?ram.exe - -- Program<1>.exe +- \\\\server\\share\\program.exe +- Program\*.exe +- Pro?ram.exe +- Program<1>.exe > [!NOTE] > The UE-V template generator encodes the greater than and less than characters as > and < respectively. - - -In rare circumstances, the FileName value won't necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplication.exe` should be specified instead of `MyApplication`. The second example won't apply the template to the process if the actual name of the executable file is “MyApplication.exe”. +In rare circumstances, the FileName value won't necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplication.exe` should be specified instead of `MyApplication`. The second example won't apply the template to the process if the actual name of the executable file is "MyApplication.exe". ### Architecture **Mandatory: False** - **Type: Architecture (String)** Architecture refers to the processor architecture for which the target executable was compiled. Valid values are Win32 for 32-bit applications or Win64 for 64-bit applications. If present, this tag limits the applicability of the settings location template to a particular application architecture. For an example of this applicability restriction, compare the %ProgramFiles%\\Microsoft User Experience Virtualization\\templates\\ MicrosoftOffice2016Win32.xml and MicrosoftOffice2016Win64.xml files included with UE-V. This applicability restriction is useful when relative paths change between different versions of an executable or if settings have been added or removed when moving from one processor architecture to another. 
-If this element is absent, the settings location template ignores the process’ architecture and applies to both 32-bit and 64-bit processes if the file name and other attributes apply. +If this element is absent, the settings location template ignores the process' architecture and applies to both 32-bit and 64-bit processes if the file name and other attributes apply. > [!NOTE] > UE-V does not support ARM processors in this version. - - ### ProductName **Mandatory: False** - **Type: String** ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This flexibility allows for more easily understood descriptions of a process where the executable name may not be obvious. For example: @@ -305,7 +256,7 @@ ProductName is an optional element used to identify a product for administrative MyApplication.exe My Application 6.x by Contoso.com - + ``` @@ -313,7 +264,6 @@ ProductName is an optional element used to identify a product for administrative ### FileDescription **Mandatory: False** - **Type: String** FileDescription is an optional tag that allows for an administrative description of the executable file. This tag is a free text field and can be useful in distinguishing multiple executables within a software package where there's a need to identify the function of the executable. @@ -343,7 +293,6 @@ For example, in a suited application, it might be useful to provide reminders ab ### ProductVersion **Mandatory: False** - **Type: String** ProductVersion refers to the major and minor product versions of a file, as well as a build and patch level. ProductVersion is an optional element, but if specified, it must contain at least the Major child element. The value must express a range in the form Minimum="X" Maximum="Y" where X and Y are integers. The Minimum and Maximum values can be identical. 
@@ -397,7 +346,6 @@ Only the Minor element is present. Major must be included as well. ### FileVersion **Mandatory: False** - **Type: String** FileVersion differentiates between the release version of a published application and the internal build details of a component executable. For most of the commercial applications, these numbers are identical. Where they vary, the product version of a file indicates a generic version identification of a file, while file version indicates a specific build of a file (as in the example of a hotfix or update). This file version uniquely identifies files without breaking detection logic. 
@@ -436,12 +384,11 @@ Application is a container for settings that apply to a particular application. |LocalizedDescriptions|An optional template description localized by a language locale.| |Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).| |DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.| -|DeferToOffice365|Similar to MSA, this type controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.| +|DeferToOffice365|Similar to MSA, this type controls whether this template is enabled in conjunction with Office361. If Office 365 is being used to sync settings, this template will automatically be disabled.| |FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and can't be changed via WMI or PowerShell.| |Processes|A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).| |Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21)".| - ### Common Element Common is similar to an Application element, but it's always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It's a collection of the following fields/types. 
@@ -455,7 +402,7 @@ Common is similar to an Application element, but it's always associated with two |LocalizedDescriptions|An optional template description localized by a language locale.| |Version|Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).| |DeferToMSAccount|Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.| -|DeferToOffice365|Similar to MSA, this type controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.| +|DeferToOffice365|Similar to MSA, this type controls whether this template is enabled in conjunction with Office361. If Office 365 is being used to sync settings, this template will automatically be disabled.| |FixedProfile|Specifies that this template can only be associated with the profile specified within this element, and can't be changed via WMI or PowerShell.| |Settings|A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see **Settings** in [Data types](#data21).| @@ -471,7 +418,6 @@ This element defines the settings for a single application or a suite of applica |LocalizedNames|An optional name displayed in the UI, localized by a language locale.| |LocalizedDescriptions|An optional template description localized by a language locale.| - ### Appendix: SettingsLocationTemplate.xsd Here's the SettingsLocationTemplate.xsd file showing its elements, child elements, attributes, and parameters: @@ -749,7 +695,6 @@ Here's the SettingsLocationTemplate.xsd file showing its elements, child element - 
@@ -793,12 +738,7 @@ Here's the SettingsLocationTemplate.xsd file showing its elements, child element ``` - - - - ## Related topics [Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md) - [Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md index 0104526a2b..6a92f5dd46 100644 --- a/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md +++ b/windows/configuration/ue-v/uev-changing-the-frequency-of-scheduled-tasks.md @@ -1,33 +1,18 @@ --- title: Changing the Frequency of UE-V Scheduled Tasks description: Learn how to create a script that uses the Schtasks.exe command-line options so you can change the frequency of UE-V scheduled tasks. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Changing the Frequency of UE-V Scheduled Tasks -**Applies to** -- Windows 10, version 1607 - When the User Experience Virtualization (UE-V) service is enabled, it creates the following scheduled tasks: -- [Monitor Application Settings](#monitor-application-settings) - -- [Sync Controller Application](#sync-controller-application) - -- [Synchronize Settings at Logoff](#synchronize-settings-at-logoff) - -- [Template Auto Update](#template-auto-update) +- [Monitor Application Settings](#monitor-application-settings) +- [Sync Controller Application](#sync-controller-application) +- [Synchronize Settings at Logoff](#synchronize-settings-at-logoff) +- [Template Auto Update](#template-auto-update) > [!NOTE] > These tasks must remain enabled, because UE-V cannot function without them. 
@@ -59,7 +44,7 @@ The **Sync Controller Application** task is used to start the Sync Controller to For example, the following command configures the agent to synchronize settings every 15 minutes instead of the default 30 minutes. ```console -Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15 +Schtasks /change /tn "Microsoft\UE-V\Sync Controller Application" /ri 15 ``` ### Synchronize Settings at Logoff @@ -78,14 +63,12 @@ The **Template Auto Update** task checks the settings template catalog for new, |--- |--- | |\Microsoft\UE-V\Template Auto Update|System startup and at 3:30 AM every day, at a random time within a 1-hour window| - **Example:** The following command configures the UE-V service to check the settings template catalog store every hour. ```console schtasks /change /tn "Microsoft\UE-V\Template Auto Update" /ri 60 ``` - ## UE-V Scheduled Task Details The following chart provides additional information about scheduled tasks for UE-V 2: 
@@ -99,40 +82,28 @@ The following chart provides additional information about scheduled tasks for UE **Legend** -- **Power Toggle** – Task Scheduler will optimize power consumption when not connected to AC power. The task might stop running if the computer switches to battery power. - -- **Idle Only** – The task will stop running if the computer ceases to be idle. By default the task won't restart when the computer is idle again. Instead the task will begin again on the next task trigger. - -- **Network Connection** – Tasks marked “Yes” only run if the computer has a network connection available. Tasks marked “N/A” run regardless of network connectivity. +- **Power Toggle** - Task Scheduler will optimize power consumption when not connected to AC power. The task might stop running if the computer switches to battery power. +- **Idle Only** - The task will stop running if the computer ceases to be idle. By default the task won't restart when the computer is idle again. Instead the task will begin again on the next task trigger. +- **Network Connection** - Tasks marked "Yes" only run if the computer has a network connection available. Tasks marked "N/A" run regardless of network connectivity. ### How to Manage Scheduled Tasks To find Scheduled Tasks, perform the following steps: -1. Open “Schedule Tasks” on the user computer. - -2. Navigate to: Task Scheduler -> Task Scheduler Library -> Microsoft -> UE-V - -3. Select the scheduled task you wish to manage and configure in the details pane. +1. Open "Schedule Tasks" on the user computer. +1. Navigate to: Task Scheduler -> Task Scheduler Library -> Microsoft -> UE-V +1. Select the scheduled task you wish to manage and configure in the details pane. ### Additional information The following additional information applies to UE-V scheduled tasks: -- All task sequence programs are located in the UE-V Agent installation folder, `%programFiles%\Microsoft User Experience Virtualization\Agent\[architecture]\`, by default. 
- -- The Sync Controller Application Scheduled task is the crucial component when the UE-V SyncMethod is set to “SyncProvider” (UE-V default configuration). This scheduled task keeps the SettingsSToragePath synchronized with the locally cached versions of the settings package files. If users complain that settings don't synchronize often enough, then you can reduce the scheduled task setting to as little as 1 minute.  You can also increase the 30-min default to a higher amount if necessary. - -- You don't need to disable the Template Auto Update scheduled task if you use another method to keep the clients’ templates in sync (that is, Group Policy or Configuration Manager Baselines). Leaving the SettingsTemplateCatalog property value blank prevents UE-V from checking the settings catalog for custom templates. This scheduled task runs ApplySettingsCatalog.exe and will essentially return immediately. - -- The Monitor Application Settings scheduled task will update Windows app (AppX) settings in real time, based on Windows app program setting triggers built into each app. - - - - +- All task sequence programs are located in the UE-V Agent installation folder, `%programFiles%\Microsoft User Experience Virtualization\Agent\[architecture]\`, by default. +- The Sync Controller Application Scheduled task is the crucial component when the UE-V SyncMethod is set to "SyncProvider" (UE-V default configuration). This scheduled task keeps the SettingsSToragePath synchronized with the locally cached versions of the settings package files. If users complain that settings don't synchronize often enough, then you can reduce the scheduled task setting to as little as 1 minute. You can also increase the 30-min default to a higher amount if necessary. +- You don't need to disable the Template Auto Update scheduled task if you use another method to keep the clients' templates in sync (that is, Group Policy or Configuration Manager Baselines). 
Leaving the SettingsTemplateCatalog property value blank prevents UE-V from checking the settings catalog for custom templates. This scheduled task runs ApplySettingsCatalog.exe and will essentially return immediately. +- The Monitor Application Settings scheduled task will update Windows app (AppX) settings in real time, based on Windows app program setting triggers built into each app. ## Related topics [Administering UE-V](uev-administering-uev.md) - [Deploy UE-V for Custom Applications](uev-deploy-uev-for-custom-applications.md) diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md index 44e725599f..c238ec602f 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-group-policy-objects.md 
@@ -1,30 +1,17 @@
 ---
 title: Configuring UE-V with Group Policy Objects
 description: In this article, learn how to configure User Experience Virtualization (UE-V) with Group Policy objects.
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
-- - tier3
-- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+ms.date: 1/25/2024
 ms.topic: article
-ms.technology: itpro-configure
 ---
 # Configuring UE-V with Group Policy Objects
-**Applies to**
-- Windows 10, version 1607
-
-Some User Experience Virtualization (UE-V) Group Policy settings can be defined for computers, and other Group Policy settings can be defined for users. The Group Policy administrative templates for these settings are included in Windows 10, version 1607.
-
+Some User Experience Virtualization (UE-V) Group Policy settings can be defined for computers, and other Group Policy settings can be defined for users. The Group Policy administrative templates for these settings are included in Windows 10, version 1607.
 The following policy settings can be configured for UE-V.
-**Group Policy settings**
+### Group Policy settings
 |Group Policy setting name|Target|Group Policy setting description|Configuration options|
 |--- |--- |--- |--- |
@@ -39,52 +26,41 @@ The following policy settings can be configured for UE-V. |Synchronization timeout|Computers and Users|This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.|Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.| |Tray Icon|Computers Only|This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.|This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.| |Use User Experience Virtualization (UE-V)|Computers and Users|This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).|This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the **Enable UE-V** setting.| -|Enable UE-V|Computers and Users|This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.|This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the **Use User Experience Virtualization (UE-V)** setting.| +|Enable UE-V|Computers and Users|This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.|This setting only has an effect for UE-V in Windows 10, version 1601. For UE-V 2.x and earlier, choose the **Use User Experience Virtualization (UE-V)** setting.| >[!NOTE] >In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. 
-**Windows App Group Policy settings** +### Windows App Group Policy settings |Group Policy setting name|Target|Group Policy setting description|Configuration options| |--- |--- |--- |--- | |Do not synchronize Windows Apps|Computers and Users|This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.|The default is to synchronize Windows apps.| -|Windows App List|Computer and User|This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.|You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.| +|Windows App List|Computer and User|This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app's settings.|You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.| |Sync Unlisted Windows Apps|Computer and User|This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.|By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.| For more information about synchronizing Windows apps, see [Windows App List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist). **To configure computer-targeted Group Policy settings** -1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) on the computer that acts as a domain controller to manage Group Policy settings for UE-V computers. Navigate to **Computer configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization**. - -2. 
Select the Group Policy setting to be edited. +1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) on the computer that acts as a domain controller to manage Group Policy settings for UE-V computers. Navigate to **Computer configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization** +1. Select the Group Policy setting to be edited **To configure user-targeted Group Policy settings** -1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) tool in Microsoft Desktop Optimization Pack (MDOP) on the domain controller computer to manage Group Policy settings for UE-V. Navigate to **User configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization**. - -2. Select the edited Group Policy setting. +1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) tool in Microsoft Desktop Optimization Pack (MDOP) on the domain controller computer to manage Group Policy settings for UE-V. Navigate to **User configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization** +1. Select the edited Group Policy setting The UE-V service uses the following order of precedence to determine synchronization. **Order of precedence for UE-V settings** -1. User-targeted settings that are managed by Group Policy settings - These configuration settings are stored in the registry key by Group Policy under `HKEY_CURRENT_USER\Software\Policies\Microsoft\Uev\Agent\Configuration`. - -2. 
Computer-targeted settings that are managed by Group Policy settings - These configuration settings are stored in the registry key by Group Policy under `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Uev\Agent\Configuration`. - -3. Configuration settings that are defined by the current user by using Windows PowerShell or Windows management Instrumentation (WMI) - These configuration settings are stored by the UE-V service under this registry location: `HKEY_CURRENT_USER\Software\Microsoft\Uev\Agent\Configuration`. - -4. Configuration settings that are defined for the computer by using Windows PowerShell or WMI. These configuration settings are stored by the UE-V service under this registry location: `HKEY_LOCAL_MACHINE\Software\Microsoft\Uev\Agent\Configuration`. - - - - +1. User-targeted settings that are managed by Group Policy settings - These configuration settings are stored in the registry key by Group Policy under `HKEY_CURRENT_USER\Software\Policies\Microsoft\Uev\Agent\Configuration` +1. Computer-targeted settings that are managed by Group Policy settings - These configuration settings are stored in the registry key by Group Policy under `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Uev\Agent\Configuration` +1. Configuration settings that are defined by the current user by using Windows PowerShell or Windows management Instrumentation (WMI) - These configuration settings are stored by the UE-V service under this registry location: `HKEY_CURRENT_USER\Software\Microsoft\Uev\Agent\Configuration` +1. Configuration settings that are defined for the computer by using Windows PowerShell or WMI. These configuration settings are stored by the UE-V service under this registry location: `HKEY_LOCAL_MACHINE\Software\Microsoft\Uev\Agent\Configuration` ## Related topics - [Administering UE-V](uev-administering-uev.md) - [Manage Configurations for UE-V](uev-manage-configurations.md) 
diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
index 30bf50f542..6aa403bde3 100644
--- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
+++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
@@ -1,23 +1,11 @@
 ---
 title: Configuring UE-V with Microsoft Configuration Manager
 description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Configuration Manager.
-author: aczechowski
-ms.prod: windows-client
-ms.collection:
-- - tier3
-- - must-keep
-ms.date: 04/19/2017
-ms.reviewer:
-manager: aaroncz
-ms.author: aaroncz
+ms.date: 1/25/2024
 ms.topic: article
-ms.technology: itpro-configure
 ---
-# Configuring UE-V with Microsoft Configuration Manager
-
-**Applies to**
-- Windows 10, version 1607
+# Configuring UE-V with Microsoft Configuration Manager
 After you deploy User Experience Virtualization (UE-V) and its required features, you can start to configure it to meet your organization's need. The UE-V Configuration Pack provides a way for administrators to use the Compliance Settings feature of Microsoft Configuration Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed.
@@ -25,119 +13,102 @@ After you deploy User Experience Virtualization (UE-V) and its required features The UE-V Configuration Pack includes tools to: -- Create or update UE-V settings location template distribution baselines +- Create or update UE-V settings location template distribution baselines + - Define UE-V templates to be registered or unregistered + - Update UE-V template configuration items and baselines as templates are added or updated + - Distribute and register UE-V templates using standard Configuration Item remediation +- Create or update a UE-V Agent policy configuration item to set or clear these settings - - Define UE-V templates to be registered or unregistered + |Configuration|Setting|Description| + |--- |--- |--- | + |Max package size|Enable/disable Windows app sync|Wait for sync on application start| + |Setting import delay|Sync unlisted Windows apps|Wait for sync on sign in| + |Settings import notification|IT contact URL|Wait for sync timeout| + |Settings storage path|IT contact descriptive text|Settings template catalog path| + |Sync enablement|Tray icon enabled|Start/Stop UE-V agent service| + |Sync method|First use notification|Define which Windows apps will roam settings| + |Sync timeout||| - - Update UE-V template configuration items and baselines as templates are added or updated - - - Distribute and register UE-V templates using standard Configuration Item remediation - -- Create or update a UE-V Agent policy configuration item to set or clear these settings - - |Configuration|Setting|Description| - |--- |--- |--- | - |Max package size|Enable/disable Windows app sync|Wait for sync on application start| - |Setting import delay|Sync unlisted Windows apps|Wait for sync on sign in| - |Settings import notification|IT contact URL|Wait for sync timeout| - |Settings storage path|IT contact descriptive text|Settings template catalog path| - |Sync enablement|Tray icon enabled|Start/Stop UE-V agent service| - |Sync method|First use 
notification|Define which Windows apps will roam settings| - |Sync timeout||| - -- Verify compliance by confirming that UE-V is running. +- Verify compliance by confirming that UE-V is running. ## Generate a UE-V service policy configuration item - All UE-V service policy and configuration is distributed through a single configuration item that is generated using the UevAgentPolicyGenerator.exe tool. This tool reads the desired configuration from an XML configuration file and creates a CI containing the discovery and remediation settings needed to bring the machine into compliance. The UE-V service policy configuration item CAB file is created using the UevTemplateBaselineGenerator.exe command line tool, which has these parameters: -- Site <site code> - -- PolicyName <name> Optional: Defaults to “UE-V Agent Policy” if not present - -- PolicyDescription <description> Optional: A description is provided if not present - -- CabFilePath <full path to configuration item .CAB file> - -- ConfigurationFile <full path to agent configuration XML file> +- Site <site code> +- PolicyName <name> Optional: Defaults to "UE-V Agent Policy" if not present +- PolicyDescription <description> Optional: A description is provided if not present +- CabFilePath <full path to configuration item .CAB file> +- ConfigurationFile <full path to agent configuration XML file> > [!NOTE] > It might be necessary to change the PowerShell execution policy to allow these scripts to run in your environment. Perform these steps in the Configuration Manager console: -1. Select **Administration > Client Settings > Properties** - -2. In the **User Agent** tab, set the **PowerShell Execution Policy** to **Bypass** - +1. Select **Administration > Client Settings > Properties** +1. In the **User Agent** tab, set the **PowerShell Execution Policy** to **Bypass** **Create the first UE-V policy configuration item** -1. 
Copy the default settings configuration file from the UE-V Config Pack installation directory to a location visible to your ConfigMgr Admin Console: +1. Copy the default settings configuration file from the UE-V Config Pack installation directory to a location visible to your ConfigMgr Admin Console: - ```cmd - C:\Program Files (x86)\Windows Kits\10\Microsoft User Experience Virtualization\Management\AgentConfiguration.xml - ``` + ```cmd + C:\Program Files (x86)\Windows Kits\10\Microsoft User Experience Virtualization\Management\AgentConfiguration.xml + ``` - The default configuration file contains five sections: + The default configuration file contains five sections: - **Computer Policy** - All UE-V machine level settings. The DesiredState attribute can be + **Computer Policy** - - **Set** to have the value assigned in the registry + All UE-V machine level settings. The DesiredState attribute can be - - **Clear** to remove the setting + - **Set** to have the value assigned in the registry + - **Clear** to remove the setting + - **Unmanaged** to have the configuration item left at its current state - - **Unmanaged** to have the configuration item left at its current state + Don't remove lines from this section. Instead, set the DesiredState to `Unmanaged` if you don't want Configuration Manager to alter current or default values. - Don't remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you don't want Configuration Manager to alter current or default values. + **CurrentComputerUserPolicy** - **CurrentComputerUserPolicy** - All UE-V user level settings. These entries override the machine settings for a user. The DesiredState attribute can be + All UE-V user level settings. These entries override the machine settings for a user. 
The DesiredState attribute can be - - **Set** to have the value assigned in the registry + - **Set** to have the value assigned in the registry + - **Clear** to remove the setting + - **Unmanaged** to have the configuration item left at its current state - - **Clear** to remove the setting + Don't remove lines from this section. Instead, set the DesiredState to 'Unmanaged' if you don't want Configuration Manager to alter current or default values. - - **Unmanaged** to have the configuration item left at its current state + **Services** - Don't remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you don't want Configuration Manager to alter current or default values. + Entries in this section control service operation. The default configuration file contains a single entry for the UevAgentService. The DesiredState attribute can be set to **Running** or **Stopped**. - **Services** - Entries in this section control service operation. The default configuration file contains a single entry for the UevAgentService. The DesiredState attribute can be set to **Running** or **Stopped**. + **Windows8AppsComputerPolicy** - **Windows8AppsComputerPolicy** - All machine level Windows app synchronization settings. Each PackageFamilyName listed in this section can be assigned a DesiredState of + All machine level Windows app synchronization settings. Each PackageFamilyName listed in this section can be assigned a DesiredState of - - **Enabled** to have settings roam + - **Enabled** to have settings roam + - **Disabled** to prevent settings from roaming + - **Cleared** to have the entry removed from UE-V control - - **Disabled** to prevent settings from roaming + More lines can be added to this section based on the list of installed Windows apps that can be viewed using the PowerShell cmdlet GetAppxPackage. 
- - **Cleared** to have the entry removed from UE-V control + **Windows8AppsCurrentComputerUserPolicy** - More lines can be added to this section based on the list of installed Windows apps that can be viewed using the PowerShell cmdlet GetAppxPackage. + Identical to the Windows8AppsComputerPolicy with settings that override machine settings for an individual user. - **Windows8AppsCurrentComputerUserPolicy** - Identical to the Windows8AppsComputerPolicy with settings that override machine settings for an individual user. - -2. Edit the configuration file by changing the desired state and value fields. - -3. Run this command on a machine running the ConfigMgr Admin Console: - - ```cmd - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe -Site ABC -CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" -ConfigurationFile "c:\AgentConfiguration.xml" - ``` - -4. Import the CAB file using ConfigMgr console or PowerShell Import-CMConfigurationItem +1. Edit the configuration file by changing the desired state and value fields. +1. Run this command on a machine running the ConfigMgr Admin Console: + ```cmd + C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe -Site ABC -CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" -ConfigurationFile "c:\AgentConfiguration.xml" + ``` +1. Import the CAB file using ConfigMgr console or PowerShell Import-CMConfigurationItem **Update a UE-V Policy Configuration Item** -1. Edit the configuration file by changing the desired state and value fields. - -2. Run the command from Step 3 in [Create the First UE-V Policy Configuration Item](#create). If you changed the name with the PolicyName parameter, make sure you enter the same name. - -3. Reimport the CAB file. The version in ConfigMgr will be updated. +1. Edit the configuration file by changing the desired state and value fields. +1. 
Run the command from Step 3 in [Create the First UE-V Policy Configuration Item](#create). If you changed the name with the PolicyName parameter, make sure you enter the same name. +1. Reimport the CAB file. The version in ConfigMgr will be updated. ## Generate a UE-V Template Baseline 
@@ -145,35 +116,25 @@ UE-V templates are distributed using a baseline containing multiple configuratio The UE-V template baseline is created using the UevTemplateBaselineGenerator.exe command line tool, which has these parameters: -- Site <site code> - -- BaselineName <name> (Optional: defaults to “UE-V Template Distribution Baseline” if not present) - -- BaselineDescription <description> (Optional: a description is provided if not present) - -- TemplateFolder <UE-V template folder> - -- Register <comma separated template file list> - -- Unregister <comma separated template list> - -- CabFilePath <Full path to baseline CAB file to generate> +- Site <site code> +- BaselineName <name> (Optional: defaults to "UE-V Template Distribution Baseline" if not present) +- BaselineDescription <description> (Optional: a description is provided if not present) +- TemplateFolder <UE-V template folder> +- Register <comma separated template file list> +- Unregister <comma separated template list> +- CabFilePath <Full path to baseline CAB file to generate> The result is a baseline CAB file that is ready for import into Configuration Manager. If at a future date, you update or add a template, you can rerun the command using the same baseline name. Importing the CAB results in CI version updates on the changed templates. ### Create the First UE-V Template Baseline -1. Create a “master” set of UE-V templates in a stable folder location visible to the machine running your ConfigMgr Admin Console. As templates are added or updated, this folder is where they're pulled for distribution. The initial list of templates can be copied from a machine with UE-V installed. The default template location is C:\\Program Files\\Microsoft User Experience Virtualization\\Templates. - -2. Create a text.bat file where you can add the template generator command. This step is optional, but will make regeneration simpler if you save the command parameters. - -3. 
Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator: - - ```cmd - C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe -Site "ABC" -TemplateFolder "C:\ProductionUevTemplates" -Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" -CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab" - ``` - -4. Run the .bat file to create UevTemplateBaseline.cab ready for import into Configuration Manager. +1. Create a "master" set of UE-V templates in a stable folder location visible to the machine running your ConfigMgr Admin Console. As templates are added or updated, this folder is where they're pulled for distribution. The initial list of templates can be copied from a machine with UE-V installed. The default template location is C:\\Program Files\\Microsoft User Experience Virtualization\\Templates. +1. Create a text.bat file where you can add the template generator command. This step is optional, but will make regeneration simpler if you save the command parameters +1. Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator: + ```cmd + C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe -Site "ABC" -TemplateFolder "C:\ProductionUevTemplates" -Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" -CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab" + ``` +1. Run the .bat file to create UevTemplateBaseline.cab ready for import into Configuration Manager ### Update a UE-V Template Baseline 
@@ -181,15 +142,11 @@ The template generator uses the template version to determine if a template shou To distribute a new Notepad template, you would perform these steps: -1. Update the template and template version located in the <Version> element of the template. - -2. Copy the template to your master template directory. - -3. Run the command in the .bat file that you created in Step 3 in [Create the First UE-V Template Baseline](#create2). - -4. Import the generated CAB file into ConfigMgr using the console or PowerShell Import-CMBaseline. +1. Update the template and template version located in the <Version> element of the template +1. Copy the template to your master template directory +1. Run the command in the .bat file that you created in Step 3 in [Create the First UE-V Template Baseline](#create2) +1. Import the generated CAB file into ConfigMgr using the console or PowerShell Import-CMBaseline ## Related articles - [Manage Configurations for UE-V](uev-manage-configurations.md) diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md index 1ab8b30874..a349f9b2a3 100644 --- a/windows/configuration/ue-v/uev-deploy-required-features.md +++ b/windows/configuration/ue-v/uev-deploy-required-features.md 
@@ -1,36 +1,19 @@ --- title: Deploy required UE-V features description: Learn how to install and configure User Experience Virtualization (UE-V) features, for example, a network share that stores and retrieves user settings. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Deploy required UE-V features -**Applies to** -- Windows 10, version 1607 - To get up and running with User Experience Virtualization (UE-V), install and configure the following features. -- [Deploy a settings storage location](#deploy-a-ue-v-settings-storage-location) that is accessible to end users. - +- [Deploy a settings storage location](#deploy-a-ue-v-settings-storage-location) that is accessible to end users. This feature is a standard network share that stores and retrieves user settings. - -- [Choose the configuration method for UE-V](#choose-the-configuration-method-for-ue-v) - +- [Choose the configuration method for UE-V](#choose-the-configuration-method-for-ue-v) You can deploy and configure UE-V with common management tools including group policy, Configuration Manager, or Windows Management Infrastructure and PowerShell. - -- [Enable the UE-V service](#enable-the-ue-v-service) on user devices. - +- [Enable the UE-V service](#enable-the-ue-v-service) on user devices. With Windows 10, version 1607, UE-V is installed automatically. You need to enable the UE-V service on each user device you want to include in your UE-V environment. The articles in this section describe how to deploy these features. 
@@ -39,11 +22,11 @@ The articles in this section describe how to deploy these features. UE-V requires a location in which to store user settings in settings package files. You can configure this settings storage location in one of these ways: -- Create your own settings storage location +- Create your own settings storage location +- Use existing Active Directory for your settings storage location -- Use existing Active Directory for your settings storage location - -> **Note**   As a matter of [performance and capacity planning](uev-prepare-for-deployment.md#performance-and-capacity-planning) and to reduce problems with network latency, create settings storage locations on the same local networks where the users’ devices reside. We recommend 20 MB of disk space per user for the settings storage location. +> [!NOTE] +> As a matter of [performance and capacity planning](uev-prepare-for-deployment.md#performance-and-capacity-planning) and to reduce problems with network latency, create settings storage locations on the same local networks where the users' devices reside. We recommend 20 MB of disk space per user for the settings storage location. ### Create a UE-V Settings Storage Location 
@@ -51,17 +34,14 @@ Before you define the settings storage location, you must create a root director The settings storage location is defined by setting the SettingsStoragePath configuration option, which you can configure by using one of these methods: -- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings +- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings +- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V +- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) -- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V + The path must be in a universal naming convention (UNC) path of the server and share. For example, **\\Server\Settingsshare\**. This configuration option supports the use of variables to enable specific synchronization scenarios. For example, you can use the %username%\%computername% variables to preserve the end user settings experience in these scenarios: -- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) - - The path must be in a universal naming convention (UNC) path of the server and share. For example, **\\\\Server\\Settingsshare\\**. This configuration option supports the use of variables to enable specific synchronization scenarios. 
For example, you can use the %username%\\%computername% variables to preserve the end user settings experience in these scenarios: - -- End users that use multiple physical devices in your enterprise - -- Enterprise computers that are used by multiple end users +- End users that use multiple physical devices in your enterprise +- Enterprise computers that are used by multiple end users The UE-V service dynamically creates a user-specific settings storage path, with a hidden system folder named **SettingsPackages**, based on the configuration setting of **SettingsStoragePath**. The service reads and writes settings to this location as defined by the registered UE-V settings location templates. 
@@ -71,18 +51,16 @@ The UE-V service dynamically creates a user-specific settings storage path, with **To deploy the UE-V network share** -1. Create a new security group for UE-V users. - -2. Create a new folder on the centrally located computer that stores the UE-V settings packages, and then grant UE-V users access with group permissions to the folder. The administrator who supports UE-V must have permissions to this shared folder. - -3. Set the following share-level Server Message Block (SMB) permissions for the settings storage location folder. +1. Create a new security group for UE-V users. +1. Create a new folder on the centrally located computer that stores the UE-V settings packages, and then grant UE-V users access with group permissions to the folder. The administrator who supports UE-V must have permissions to this shared folder. +1. Set the following share-level Server Message Block (SMB) permissions for the settings storage location folder. | **User account** | **Recommended permissions** | |------------------------------|-----------------------------| | Everyone | No permissions | | Security group of UE-V users | Full control | -4. Set the following NTFS file system permissions for the settings storage location folder. +1. Set the following NTFS file system permissions for the settings storage location folder. | **User account** | **Recommended permissions** | **Folder** | |------------------------------|---------------------------------------------------|---------------------------| 
@@ -91,78 +69,63 @@ The UE-V service dynamically creates a user-specific settings storage path, with With this configuration, the UE-V service creates and secures a Settingspackage folder while it runs in the context of the user, and grants each user permission to create folders for settings storage. Users receive full control to their Settingspackage folder while other users can't access it. -**Note** -If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this extra security, specify this setting in the Windows Server Registry Editor: - -1. Add a **REG\_DWORD** registry key named **"RepositoryOwnerCheckEnabled"** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\UEV\\Agent\\Configuration**. - -2. Set the registry key value to *1*. +> [!NOTE] +> If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this extra security, specify this setting in the Windows Server Registry Editor: +> +> 1. Add a **REG_DWORD** registry key named **"RepositoryOwnerCheckEnabled"** to **HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration** +> 1. Set the registry key value to *1* ### Use Active Directory with UE-V -The UE-V service uses Active Directory (AD) by default if you don’t define a settings storage location. In these cases, the UE-V service dynamically creates the settings storage folder under the root of the AD home directory of each user. However, if a custom directory setting is configured in AD, then that directory is used instead. +The UE-V service uses Active Directory (AD) by default if you don't define a settings storage location. 
In these cases, the UE-V service dynamically creates the settings storage folder under the root of the AD home directory of each user. However, if a custom directory setting is configured in AD, then that directory is used instead. ## Choose the Configuration Method for UE-V -You’ll need to decide which configuration method you'll use to manage UE-V after deployment since this configuration method is the one you'll use to deploy the UE-V Agent. Typically, this configuration method is the one that you already use in your environment, such as Windows PowerShell or Configuration Manager. +You'll need to decide which configuration method you'll use to manage UE-V after deployment since this configuration method is the one you'll use to deploy the UE-V Agent. Typically, this configuration method is the one that you already use in your environment, such as Windows PowerShell or Configuration Manager. You can configure UE-V before, during, or after you enable the UE-V service on user devices, depending on the configuration method that you use. -- [**Group Policy**](uev-configuring-uev-with-group-policy-objects.md) You can use your existing Group Policy infrastructure to configure UE-V before or after you enable the UE-V service. The UE-V Group Policy ADMX template enables the central management of common UE-V service configuration options and includes settings to configure UE-V synchronization. +- [**Group Policy**](uev-configuring-uev-with-group-policy-objects.md) You can use your existing Group Policy infrastructure to configure UE-V before or after you enable the UE-V service. The UE-V Group Policy ADMX template enables the central management of common UE-V service configuration options and includes settings to configure UE-V synchronization. - >**Note** Starting with Windows 10, version 1607, UE-V ADMX templates are installed automatically. + > [!NOTE] + > Starting with Windows 10, version 1607, UE-V ADMX templates are installed automatically. 
Group Policy ADMX templates configure the synchronization settings for the UE-V service and enable the central management of common UE-V service configuration settings by using an existing Group Policy infrastructure. - Supported operating systems for the domain controller that deploys the Group Policy Objects include: - Windows Server 2012 and Windows Server 2012 R2 -- [**Configuration Manager**](uev-configuring-uev-with-system-center-configuration-manager.md) The UE-V Configuration Pack lets you use the Compliance Settings feature of Microsoft Configuration Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed. +- [**Configuration Manager**](uev-configuring-uev-with-system-center-configuration-manager.md) The UE-V Configuration Pack lets you use the Compliance Settings feature of Microsoft Configuration Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed. +- [**Windows PowerShell and WMI**](uev-administering-uev-with-windows-powershell-and-wmi.md) You can use scripted commands for Windows PowerShell and Windows Management Instrumentation (WMI) to modify the configuration of the UE-V service. -- [**Windows PowerShell and WMI**](uev-administering-uev-with-windows-powershell-and-wmi.md) You can use scripted commands for Windows PowerShell and Windows Management Instrumentation (WMI) to modify the configuration of the UE-V service. - ->**Note** -Registry modification can result in data loss, or the computer becomes unresponsive. We recommend that you use other configuration methods. +> [!NOTE] +> Registry modification can result in data loss, or the computer becomes unresponsive. We recommend that you use other configuration methods. ## Enable the UE-V service The UE-V service is the client-side component that captures user-personalized application and Windows settings and saves them in settings packages. 
Settings packages are built, locally stored, and copied to the settings storage location. -Before enabling the UE-V service, you need to register the UE-V templates for first time use. In a PowerShell window, type **register-<TemplateName>** where **TemplateName** is the name of the UE-V template you want to register, and press ENTER. +Before enabling the UE-V service, you need to register the UE-V templates for first time use. In a PowerShell window, type **register-<TemplateName>** where **TemplateName** is the name of the UE-V template you want to register, and press ENTER. ->**Note** -With Windows 10, version 1607, you must register UE-V templates for all inbox and custom templates. This provides flexibility for only deploying the required templates. +> [!NOTE] +> With Windows 10, version 1607, you must register UE-V templates for all inbox and custom templates. This provides flexibility for only deploying the required templates. With Windows 10, version 1607 and later, the UE-V service is installed on user devices. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell. **To enable the UE-V service with Group Policy** -1. Open the device’s **Group Policy Editor**. - -2. Navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft** **User Experience Virtualization**. - -3. Run **Enable UEV**. - -4. Restart the device. +1. Open the device's **Group Policy Editor** +1. Navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft** **User Experience Virtualization** +1. Run **Enable UEV** +1. Restart the device **To enable the UE-V service with Windows PowerShell** -1. In a PowerShell window, type **Enable-UEV** and press ENTER. - -2. Restart the device. - -3. In a PowerShell window, type **Get-UEVStatus** and press ENTER to verify that the UE-V service was successfully enabled. - - - - +1. 
In a PowerShell window, type **Enable-UEV** and press ENTER +1. Restart the device +1. In a PowerShell window, type **Get-UEVStatus** and press ENTER to verify that the UE-V service was successfully enabled ## Related articles [Prepare a UE-V deployment](uev-prepare-for-deployment.md) - [Deploy UE-V for use with custom applications](uev-deploy-uev-for-custom-applications.md) - [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) -
diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
index 65523c41b0..6018becc89 100644
--- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
+++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md
@@ -1,54 +1,34 @@ --- title: Use UE-V with custom applications description: Use User Experience Virtualization (UE-V) to create your own custom settings location templates with the UE-V template generator. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- -# Use UE-V with custom applications - -**Applies to** -- Windows 10, version 1607 +# Use UE-V with custom applications User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those settings included in the default templates, you can create your own custom settings location templates with the UE-V template generator. -After you’ve reviewed [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) and decided that you want to synchronize settings for custom applications (for example, third-party, line-of-business), you’ll need to deploy the features of UE-V described in this topic. +After you've reviewed [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) and decided that you want to synchronize settings for custom applications (for example, third-party, line-of-business), you'll need to deploy the features of UE-V described in this topic. To start, here are the main steps required to synchronize settings for custom applications: -- [Install the UE-V template generator](#install-the-uev-template-generator) - +- [Install the UE-V template generator](#install-the-uev-template-generator) Use the UEV template generator to create custom XML settings location templates. 
- -- [Configure a UE-V settings template catalog](#deploy-a-settings-template-catalog) - +- [Configure a UE-V settings template catalog](#deploy-a-settings-template-catalog) You can define this path where custom settings location templates are stored. - -- [Create custom settings location templates](#create-custom-settings-location-templates) - +- [Create custom settings location templates](#create-custom-settings-location-templates) These custom templates let users sync settings for custom applications. +- [Deploy the custom settings location templates](#deploy-the-custom-settings-location-templates) -- [Deploy the custom settings location templates](#deploy-the-custom-settings-location-templates) +After you test the custom template to ensure that settings are synced correctly, you can deploy these templates in one of these ways: - After you test the custom template to ensure that settings are synced correctly, you can deploy these templates in one of these ways: +- With your existing electronic software distribution solution, such as Configuration Manager +- With Group Policy preferences +- With a UE-V settings template catalog - - With your existing electronic software distribution solution, such as Configuration Manager - - - With Group Policy preferences - - - With a UE-V settings template catalog - ->**Note** -Templates that are deployed with electronic software distribution methods or Group Policy must be registered with UE-V Windows Management Instrumentation (WMI) or Windows PowerShell. +> [!NOTE] +> Templates that are deployed with electronic software distribution methods or Group Policy must be registered with UE-V Windows Management Instrumentation (WMI) or Windows PowerShell. ## Prepare to deploy UE-V for custom applications 
@@ -58,44 +38,36 @@ Before you start deploying the UE-V features that handle custom applications, re Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator doesn't create settings location templates for the following types of applications: -- Virtualized applications +- Virtualized applications +- Applications that are offered through Terminal Services +- Java applications +- Windows applications -- Applications that are offered through Terminal Services - -- Java applications - -- Windows applications - ->**Note** -UE-V settings location templates can't be created from virtualized applications or Terminal Services applications. However, settings that are synchronized by using the templates can be applied to those applications. To create templates that support Virtual Desktop Infrastructure (VDI) and Terminal Services applications, open a version of the Windows Installer (.msi) package of the application by using the UE-V template generator. For more information about synchronizing settings for virtual applications, see [Using UE-V with virtual applications](uev-using-uev-with-application-virtualization-applications.md). +> [!NOTE] +> UE-V settings location templates can't be created from virtualized applications or Terminal Services applications. However, settings that are synchronized by using the templates can be applied to those applications. To create templates that support Virtual Desktop Infrastructure (VDI) and Terminal Services applications, open a version of the Windows Installer (.msi) package of the application by using the UE-V template generator. For more information about synchronizing settings for virtual applications, see [Using UE-V with virtual applications](uev-using-uev-with-application-virtualization-applications.md). 
**Excluded Locations:** The discovery process excludes locations that commonly store application software files that don't synchronize settings well between user computers or computing environments. By default, these files are excluded: -- HKEY\_CURRENT\_USER registry keys and files to which the signed-in user can't write values - -- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system - -- All registry keys that are located in the HKEY\_LOCAL\_MACHINE hive - -- Files that are located in Program Files directories - -- Files that are located in Users \\ \[User name\] \\ AppData \\ LocalLow - -- Windows operating system files that are located in %Systemroot% +- HKEY_CURRENT_USER registry keys and files to which the signed-in user can't write values +- HKEY_CURRENT_USER registry keys and files that are associated with the core functionality of the Windows operating system +- All registry keys that are located in the HKEY_LOCAL_MACHINE hive +- Files that are located in Program Files directories +- Files that are located in Users \ [User name] \ AppData \ LocalLow +- Windows operating system files that are located in %Systemroot% If registry keys and files that are stored in excluded locations are required to synchronize application settings, you can manually add the locations to the settings location template during the template creation process. ### Replace the default Microsoft templates -A default group of settings location templates for common Microsoft applications and Windows settings is included with Windows 10, version 1607. If you customize these templates, or create settings location templates to synchronize settings for custom applications, the UE-V service can be configured to use a settings template catalog to store the templates. In this case, you'll need to include the default templates with the custom templates in the settings template catalog. 
+A default group of settings location templates for common Microsoft applications and Windows settings is included with Windows 10, version 1601. If you customize these templates, or create settings location templates to synchronize settings for custom applications, the UE-V service can be configured to use a settings template catalog to store the templates. In this case, you'll need to include the default templates with the custom templates in the settings template catalog. ->**Important** -After you enable the UE-V service, you’ll need to register the settings location templates using the `Register-UevTemplate` cmdlet in Windows PowerShell. +> [!IMPORTANT] +> After you enable the UE-V service, you'll need to register the settings location templates using the `Register-UevTemplate` cmdlet in Windows PowerShell. When you use Group Policy to configure the settings template catalog path, you can choose to replace the default Microsoft templates. If you configure the policy settings to replace the default Microsoft templates, all of the default Microsoft templates that are installed with Windows 10, version 1607 are deleted and only the templates that are located in the settings template catalog are used. -**Note** -If there are customized templates in the settings template catalog that use the same ID as the default Microsoft templates, the Microsoft templates are ignored. +> [!NOTE] +> If there are customized templates in the settings template catalog that use the same ID as the default Microsoft templates, the Microsoft templates are ignored. You can replace the default templates by using the UE-V Windows PowerShell features. To replace the default Microsoft template with Windows PowerShell, unregister all of the default Microsoft templates, and then register the customized templates. 
@@ -109,14 +81,13 @@ The UE-V template generator is included in the Windows Assessment and Deployment Install the UE-V template generator on a computer that you can use to create a custom settings location template. This computer should have the applications installed for which custom settings location templates need to be generated. ->**Important** -UE-V for Windows 10, version 1607 includes a new template generator. If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create settings location templates. Templates created with previous versions of the UE-V template generator will continue to work. +> [!IMPORTANT] +> UE-V for Windows 10, version 1607 includes a new template generator. If you are upgrading from an existing UE-V installation, you'll need to use the new generator to create settings location templates. Templates created with previous versions of the UE-V template generator will continue to work. -**To install the UE-V template generator** +To install the UE-V template generator: -1. Go to [Download the Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) to access the ADK. - -2. Select the **Get Windows ADK for Windows 10** button on this page to start the ADK installer. On the window pictured below, select **Microsoft User Experience Virtualization (UE-V) Template Generator** and then select Install. +1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) to access the ADK. +1. Select the **Get Windows ADK for Windows 10** button on this page to start the ADK installer. On the window pictured below, select **Microsoft User Experience Virtualization (UE-V) Template Generator** and then select Install. 
-| **Component** | **Function** | -|--------------------------|------------------| -| **UE-V service** | Enabled on every device that needs to synchronize settings, the **UE-V service** monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices. | -| **Settings packages** | Application settings and Windows settings are stored in **settings packages** created by the UE-V service. Settings packages are built, locally stored, and copied to the settings storage location.
The setting values for **desktop applications** are stored when the user closes the application.
Values for **Windows settings** are stored when the user logs off, when the computer is locked, or when the user disconnects remotely from a computer.
The sync provider determines when the application or operating system settings are read from the **Settings Packages** and synchronized. | -| **Settings storage location** | This is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings. | -| **Settings location templates** | UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by [managing settings synchronization for custom applications](#manage-settings-synchronization-for-custom-applications).
**Note**  Settings location templates are not required for Windows applications. | -| **Universal Windows applications list** | Settings for Windows applications are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
You can add or remove applications in the Windows app list by following the procedures in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). | +| **Component** | **Function** | +|--|--| +| **UE-V service** | Enabled on every device that needs to synchronize settings, the **UE-V service** monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices. | +| **Settings packages** | Application settings and Windows settings are stored in **settings packages** created by the UE-V service. Settings packages are built, locally stored, and copied to the settings storage location.
The setting values for **desktop applications** are stored when the user closes the application.
Values for **Windows settings** are stored when the user logs off, when the computer is locked, or when the user disconnects remotely from a computer.
The sync provider determines when the application or operating system settings are read from the **Settings Packages** and synchronized. | +| **Settings storage location** | This is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings. | +| **Settings location templates** | UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by [managing settings synchronization for custom applications](#manage-settings-synchronization-for-custom-applications).
**Note**  Settings location templates are not required for Windows applications. | +| **Universal Windows applications list** | Settings for Windows applications are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
You can add or remove applications in the Windows app list by following the procedures in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). | ## Manage settings synchronization for custom applications Use these UE-V components to create and manage custom templates for your third-party or line-of-business applications. -| Component | Description | -|-------------------------------|---------------| -| **UE-V template generator** | Use the **UE-V template generator** to create custom settings location templates that you can then distribute to user computers. The UE-V template generator also lets you edit an existing template or validate a template that was created with a different XML editor.
With the Windows 10, version 1607 release, the UE-V template generator is installed with the [Windows Assessment and Deployment kit for Windows 10, version 1607](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create new settings location templates. Application templates created with previous versions of the UE-V template generator are still supported, however. | -| **Settings template catalog** | The **settings template catalog** is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V service checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.
If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md).| +| Component | Description | +|--|--| +| **UE-V template generator** | Use the **UE-V template generator** to create custom settings location templates that you can then distribute to user computers. The UE-V template generator also lets you edit an existing template or validate a template that was created with a different XML editor.
With the Windows 10, version 1607 release, the UE-V template generator is installed with the [Windows Assessment and Deployment kit for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
If you are upgrading from an existing UE-V installation, you'll need to use the new generator to create new settings location templates. Application templates created with previous versions of the UE-V template generator are still supported, however. | +| **Settings template catalog** | The **settings template catalog** is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V service checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.
If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md). | -### Planning a UE-V deployment +### Planning a UE-V deployment Review the following articles to determine which UE-V components you'll be deploying. -- [Decide whether to synchronize settings for custom applications](#decide-whether-to-synchronize-settings-for-custom-applications) +- [Decide whether to synchronize settings for custom applications](#decide-whether-to-synchronize-settings-for-custom-applications) If you want to synchronize settings for custom applications, you'll need to install the UE-V template generator. Use the generator to create custom settings location templates, which involve the following tasks: - - Review the [settings that are synchronized automatically in a UE-V deployment](#settings-automatically-synchronized-in-a-ue-v-deployment). + - Review the [settings that are synchronized automatically in a UE-V deployment](#settings-automatically-synchronized-in-a-ue-v-deployment). + - [Determine whether you need settings synchronized for other applications](#determine-whether-you-need-settings-synchronized-for-other-applications). - - [Determine whether you need settings synchronized for other applications](#determine-whether-you-need-settings-synchronized-for-other-applications). - -- Review [other considerations for deploying UE-V](#other-considerations-when-preparing-a-ue-v-deployment), including high availability and capacity planning. - -- [Confirm prerequisites and supported configurations for UE-V](#confirm-prerequisites-and-supported-configurations-for-ue-v) +- Review [other considerations for deploying UE-V](#other-considerations-when-preparing-a-ue-v-deployment), including high availability and capacity planning. 
+- [Confirm prerequisites and supported configurations for UE-V](#confirm-prerequisites-and-supported-configurations-for-ue-v) ## Decide whether to synchronize settings for custom applications @@ -77,11 +60,9 @@ Deciding if you want UE-V to synchronize settings for custom applications is an This section explains which settings are synchronized by default in UE-V, including: -- Desktop applications that are synchronized by default - -- Windows desktop settings that are synchronized by default - -- A statement of support for Windows applications setting synchronization +- Desktop applications that are synchronized by default +- Windows desktop settings that are synchronized by default +- A statement of support for Windows applications setting synchronization For downloadable UE-V templates, see: [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367) @@ -90,16 +71,15 @@ For downloadable UE-V templates, see: [User Experience Virtualization (UE-V) set When you enable the UE-V service on user devices, it registers a default group of settings location templates that capture settings values for these common Microsoft applications. | Application category | Description | -|-----------------------------|-------------------| +|--|--| | Microsoft Office 2016 applications | Microsoft Access 2016
Microsoft Lync 2016
Microsoft Excel 2016
Microsoft OneNote 2016
Microsoft Outlook 2016
Microsoft PowerPoint 2016
Microsoft Project 2016
Microsoft Publisher 2016
Microsoft SharePoint Designer 2013 (not updated for 2016)
Microsoft Visio 2016
Microsoft Word 2016
Microsoft Office Upload Manager
Microsoft Infopath has been removed (deprecated) from the Office 2016 suite | -| Microsoft Office 2013 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2013
Microsoft Excel 2013
Microsoft Outlook 2013
Microsoft Access 2013
Microsoft Project 2013
Microsoft PowerPoint 2013
Microsoft Publisher 2013
Microsoft Visio 2013
Microsoft InfoPath 2013
Microsoft Lync 2013
Microsoft OneNote 2013
Microsoft SharePoint Designer 2013
Microsoft Office 2013 Upload Center
Microsoft OneDrive for Business 2013 -| Microsoft Office 2010 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2010
Microsoft Excel 2010
Microsoft Outlook 2010
Microsoft Access 2010
Microsoft Project 2010
Microsoft PowerPoint 2010
Microsoft Publisher 2010
Microsoft Visio 2010
Microsoft SharePoint Workspace 2010
Microsoft InfoPath 2010
Microsoft Lync 2010
Microsoft OneNote 2010
Microsoft SharePoint Designer 2010 | +| Microsoft Office 2013 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2013
Microsoft Excel 2013
Microsoft Outlook 2013
Microsoft Access 2013
Microsoft Project 2013
Microsoft PowerPoint 2013
Microsoft Publisher 2013
Microsoft Visio 2013
Microsoft InfoPath 2013
Microsoft Lync 2013
Microsoft OneNote 2013
Microsoft SharePoint Designer 2013
Microsoft Office 2013 Upload Center
Microsoft OneDrive for Business 2013 | +| Microsoft Office 2010 applications
[Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2010
Microsoft Excel 2010
Microsoft Outlook 2010
Microsoft Access 2010
Microsoft Project 2010
Microsoft PowerPoint 2010
Microsoft Publisher 2010
Microsoft Visio 2010
Microsoft SharePoint Workspace 2010
Microsoft InfoPath 2010
Microsoft Lync 2010
Microsoft OneNote 2010
Microsoft SharePoint Designer 2010 | | Browser options: Internet Explorer 11 and 10 | Synchronize favorites, home page, tabs, and toolbars.
**Note**
UE-V doesn't roam settings for Internet Explorer cookies. | | Windows accessories | Microsoft NotePad, WordPad | > [!NOTE] > - An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. -> > - UE-V doesn't synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems. ### Windows settings synchronized by default 
@@ -107,22 +87,22 @@ When you enable the UE-V service on user devices, it registers a default group o UE-V includes settings location templates that capture settings values for these Windows settings. | Windows settings | Description | Apply on | Export on | Default state | -|----------------------|-----------------|--------------|---------------|-------------------| -| Desktop background | Currently active desktop background or wallpaper | Log on, unlock, remote connect, Scheduled Task events | Log off, lock, remote disconnect, or scheduled task interval | Enabled | -| Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled | -| Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, more clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled | +|--|--|--|--|--| +| Desktop background | Currently active desktop background or wallpaper | Log on, unlock, remote connect, Scheduled Task events | Log off, lock, remote disconnect, or scheduled task interval | Enabled | +| Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled | +| Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, more clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled | > [!IMPORTANT] > UE-V roams taskbar settings between Windows 10 devices. However, UE-V doesn't synchronize taskbar settings between Windows 10 devices and devices running previous operating systems versions. | Settings group | Category | Capture | Apply | -|--------------------------|----------------|----------------|--------------| -| **Application Settings** | Windows applications | Close application
Windows application settings change event | Start the UE-V App Monitor at startup
Open app
Windows application settings change event
Arrival of a settings package | -| | Desktop applications | Application closes | Application opens and closes | -| **Desktop settings** | Desktop background | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs | -| | Ease of Access (Common - Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on | -| | Ease of Access (Shell - Audio, Accessibility, Keyboard, Mouse) | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs | -| | Desktop settings | Lock or log off | Log on | +|--|--|--|--| +| **Application Settings** | Windows applications | Close application
Windows application settings change event | Start the UE-V App Monitor at startup
Open app
Windows application settings change event
Arrival of a settings package | +| | Desktop applications | Application closes | Application opens and closes | +| **Desktop settings** | Desktop background | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs | +| | Ease of Access (Common - Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on | +| | Ease of Access (Shell - Audio, Accessibility, Keyboard, Mouse) | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs | +| | Desktop settings | Lock or log off | Log on | ### UE-V-support for Windows applications 
@@ -139,28 +119,24 @@ Users can print to their saved network printers, including their default network Printer roaming in UE-V requires one of these scenarios: -- The print server can download the required driver when it roams to a new device. - -- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer. - -- The printer driver can be imported from Windows Update. +- The print server can download the required driver when it roams to a new device. +- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer. +- The printer driver can be imported from Windows Update. > [!NOTE] > The UE-V printer roaming feature doesn't roam printer settings or preferences, such as printing double-sided. ### Determine whether you need settings synchronized for other applications -After you've reviewed the settings that are synchronized automatically in a UE-V deployment, you’ll need to decide whether to synchronize settings for other applications as your decision will determine how you deploy UE-V throughout your enterprise. +After you've reviewed the settings that are synchronized automatically in a UE-V deployment, you'll need to decide whether to synchronize settings for other applications as your decision will determine how you deploy UE-V throughout your enterprise. As an administrator, when you consider which desktop applications to include in your UE-V solution, consider which settings can be customized by users, and how and where the application stores its settings. Not all desktop applications have settings that can be customized or that are routinely customized by users. In addition, not all desktop applications settings can be synchronized safely across multiple devices or environments. In general, you can synchronize settings that meet the following criteria: -- Settings that are stored in user-accessible locations. 
For example, don't synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry. - -- Settings that aren't specific to the particular device. For example, exclude network shortcuts or hardware configurations. - -- Settings that can be synchronized between computers without risk of corrupted data. For example, don't use settings that are stored in a database file. +- Settings that are stored in user-accessible locations. For example, don't synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry. +- Settings that aren't specific to the particular device. For example, exclude network shortcuts or hardware configurations. +- Settings that can be synchronized between computers without risk of corrupted data. For example, don't use settings that are stored in a database file. ### Checklist for evaluating custom applications 
@@ -172,7 +148,7 @@ If you've decided that you need to synchronize settings for custom applications, | ![Checklist box.](images/uev-checklist-box.gif) | Is it important for the user that these settings are synchronized? | | ![Checklist box.](images/uev-checklist-box.gif) | Are these user settings already managed by an application management or settings policy solution? UE-V applies application settings at application startup and Windows settings at logon, unlock, or remote connect events. If you use UE-V with other settings sharing solutions, users might experience inconsistency across synchronized settings. | | ![Checklist box.](images/uev-checklist-box.gif) | Are the application settings specific to the computer? Application preferences and customizations that are associated with hardware or specific computer configurations don't consistently synchronize across sessions and can cause a poor application experience. | -| ![Checklist box.](images/uev-checklist-box.gif) | Does the application store settings in the Program Files directory or in the file directory that is located in the **Users**\\ \[User name\] \\**AppData**\\**LocalLow** directory? Application data that is stored in either of these locations usually shouldn't synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize. | +| ![Checklist box.](images/uev-checklist-box.gif) | Does the application store settings in the Program Files directory or in the file directory that is located in the **Users**\ \[User name\] \**AppData**\**LocalLow** directory? Application data that is stored in either of these locations usually shouldn't synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize. | | ![Checklist box.](images/uev-checklist-box.gif) | Does the application store any settings in a file that contains other application data that shouldn't synchronize? 
UE-V synchronizes files as a single unit. If settings are stored in files that include application data other than settings, then synchronizing this extra data can cause a poor application experience.| | ![Checklist box.](images/uev-checklist-box.gif) | How large are the files that contain the settings? The performance of the settings synchronization can be affected by large files. Including large files can affect the performance of settings synchronization. | 
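Review bot: The checklist row for the Program Files / LocalLow question now writes the path as `**Users**\ \[User name\] \**AppData**\**LocalLow**`, and in CommonMark `\*` is an escape for a literal asterisk, so the single backslashes before `**AppData**` and `**LocalLow**` are consumed and the bold markers no longer pair up. The removed line used `\\` precisely so that a literal backslash would render between the bold segments. Either keep the doubled backslashes in this row or write the path as a code span, for example `Users\[User name]\AppData\LocalLow` in backticks. The credential-location paths unescaped in a later hunk are probably unaffected, because there the backslashes precede letters, but the rendered output is worth checking.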
@@ -180,21 +156,15 @@ If you've decided that you need to synchronize settings for custom applications, You should also consider these things when you're preparing to deploy UE-V: -- [Managing credentials synchronization](#managing-credentials-synchronization-in-ue-v) +- [Managing credentials synchronization](#managing-credentials-synchronization-in-ue-v) +- [Windows applications settings synchronization](#windows-applications-settings-synchronization) +- [Custom UE-V settings location templates](#custom-ue-v-settings-location-templates) +- [Unintentional user settings configurations](#prevent-unintentional-user-settings-configuration) +- [Performance and capacity](#performance-and-capacity-planning) +- [High availability](#high-availability-for-ue-v) +- [Computer clock synchronization](#synchronize-computer-clocks-for-ue-v-settings-synchronization) -- [Windows applications settings synchronization](#windows-applications-settings-synchronization) - -- [Custom UE-V settings location templates](#custom-ue-v-settings-location-templates) - -- [Unintentional user settings configurations](#prevent-unintentional-user-settings-configuration) - -- [Performance and capacity](#performance-and-capacity-planning) - -- [High availability](#high-availability-for-ue-v) - -- [Computer clock synchronization](#synchronize-computer-clocks-for-ue-v-settings-synchronization) - -### Managing credentials synchronization in UE-V +### Managing credentials synchronization in UE-V Many enterprise applications, including Microsoft Outlook, Lync, and Skype for Business prompt users for their domain credentials when they log in. Users have the option of saving their credentials to disk to prevent having to enter them every time they open these applications. Enabling roaming credentials synchronization lets users save their credentials on one computer and avoid reentering them on every computer they use in their environment. Users can synchronize some domain credentials with UE-V. 
@@ -230,25 +200,19 @@ Copy [Group Policy](uev-configuring-uev-with-group-policy-objects.md)**:** You must edit the Group Policy administrative template for UE-V, which is included in Windows 10, version 1607, to enable credential synchronization through group policy. Credentials synchronization is managed in Windows settings. To manage this feature with Group Policy, enable the **Synchronize Windows** settings policy. -1. Open Group Policy Editor and navigate to **User Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**. - -2. Double-click **Synchronize Windows settings**. - -3. If this policy is enabled, you can enable credentials synchronization by checking the **Roaming Credentials** check box, or disable credentials synchronization by unchecking it. - -4. Select **OK**. +1. Open Group Policy Editor and navigate to **User Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**. +1. Double-click **Synchronize Windows settings**. +1. If this policy is enabled, you can enable credentials synchronization by checking the **Roaming Credentials** check box, or disable credentials synchronization by unchecking it. +1. Select **OK**. ### Credential locations synchronized by UE-V Credential files saved by applications into the following locations are synchronized: -- %UserProfile%\\AppData\\Roaming\\Microsoft\\Credentials\\ - -- %UserProfile%\\AppData\\Roaming\\Microsoft\\Crypto\\ - -- %UserProfile%\\AppData\\Roaming\\Microsoft\\Protect\\ - -- %UserProfile%\\AppData\\Roaming\\Microsoft\\SystemCertificates\\ +- %UserProfile%\AppData\Roaming\Microsoft\Credentials\ +- %UserProfile%\AppData\Roaming\Microsoft\Crypto\ +- %UserProfile%\AppData\Roaming\Microsoft\Protect\ +- %UserProfile%\AppData\Roaming\Microsoft\SystemCertificates\ Credentials saved to other locations aren't synchronized by UE-V. 
@@ -256,17 +220,15 @@ Credentials saved to other locations aren't synchronized by UE-V. UE-V manages Windows application settings synchronization in three ways: -- **Sync Windows applications:** Allow or deny any Windows application synchronization - -- **Windows applications list:** Synchronize a list of Windows applications - -- **Unlisted default sync behavior:** Determine the synchronization behavior of Windows applications that aren't in the Windows applications list. +- **Sync Windows applications:** Allow or deny any Windows application synchronization +- **Windows applications list:** Synchronize a list of Windows applications +- **Unlisted default sync behavior:** Determine the synchronization behavior of Windows applications that aren't in the Windows applications list. For more information, see the [Windows Application List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist). ### Custom UE-V settings location templates -If you're deploying UE-V to synchronize settings for custom applications, you’ll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices. +If you're deploying UE-V to synchronize settings for custom applications, you'll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices. Custom settings location templates must be deployed with an existing deployment infrastructure, such as an enterprise software distribution method, including Microsoft Configuration Manager, with preferences, or by configuring a UE-V settings template catalog. 
Templates that are deployed with Configuration Manager or Group Policy must be registered using UE-V WMI or Windows PowerShell. @@ -276,15 +238,11 @@ For more information about custom settings location templates, see [Deploy UE-V UE-V downloads new user settings information from a settings storage location and applies the settings to the local device in these instances: -- Each time an application is started that has a registered UE-V template - -- When a user signs in to a device - -- When a user unlocks a device - -- When a connection is made to a remote desktop device running UE-V - -- When the Sync Controller Application scheduled task is run +- Each time an application is started that has a registered UE-V template +- When a user signs in to a device +- When a user unlocks a device +- When a connection is made to a remote desktop device running UE-V +- When the Sync Controller Application scheduled task is run If UE-V is installed on computer A and computer B, and the settings that you want for the application are on computer A, then computer A should open and close the application first. If the application is opened and closed on computer B first, then the application settings on computer A are configured to the application settings on computer B. Settings are synchronized between computers on per-application basis. Over time, settings become consistent between computers as they're opened and closed with preferred settings. 
@@ -306,21 +264,16 @@ By default, UE-V synchronization times out after 2 seconds to prevent excessive The UE-V settings storage location and settings template catalog support storing user data on any writable share. To ensure high availability, follow these criteria: -- Format the storage volume with an NTFS file system. - -- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) isn't supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see: - +- Format the storage volume with an NTFS file system. +- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) isn't supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see: - [Deploying Roaming User Profiles](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles) - - [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](/troubleshoot/windows-server/networking/support-policy-for-dfsr-dfsn-deployment) In addition, because SYSVOL uses DFSR for replication, SYSVOL can't be used for UE-V data file replication. -- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the settings storage location for UE-V](uev-deploy-required-features.md). - -- Use file server clustering along with the UE-V service to provide access to copies of user state data if communications failures occur. - -- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both. +- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the settings storage location for UE-V](uev-deploy-required-features.md). +- Use file server clustering along with the UE-V service to provide access to copies of user state data if communications failures occur. 
+- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both. ### Synchronize computer clocks for UE-V settings synchronization 
@@ -331,15 +284,14 @@ Computers that run the UE-V service must use a time server to maintain a consist Before you proceed, ensure that your environment meets these requirements for using UE-V. | Operating system | Edition | Service pack | System architecture | Windows PowerShell | Microsoft .NET Framework | -|--------------------------|---------------|------------------|-------------------------|--------------------------|--------------------------------| -| Windows 10, version 1607 | Windows 10 for Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | -| Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | -| Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | +|--|--|--|--|--|--| +| Windows 10, version 1607 | Windows 10 for Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | +| Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | +| Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | > [!NOTE] > - Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. -> -> - The “Delete Roaming Cache” policy for mandatory profiles isn't supported with UE-V and shouldn't be used. +> - The "Delete Roaming Cache" policy for mandatory profiles isn't supported with UE-V and shouldn't be used. There are no special random access memory (RAM) requirements specific to UE-V. 
@@ -347,13 +299,10 @@ There are no special random access memory (RAM) requirements specific to UE-V. Sync Provider is the default setting for users and synchronizes a local cache with the settings storage location in these instances: -- Log on/log off - -- Lock/unlock - -- Remote desktop connect/disconnect - -- Application open/close +- Log on/log off +- Lock/unlock +- Remote desktop connect/disconnect +- Application open/close A scheduled task manages this synchronization of settings every 30 minutes or through trigger events for certain applications. For more information, see [Changing the frequency of UE-V scheduled tasks](uev-changing-the-frequency-of-scheduled-tasks.md). @@ -364,7 +313,6 @@ The UE-V service synchronizes user settings for devices that aren't always conne Enable this configuration using one of these methods: - After you enable the UE-V service, use the Settings Management feature in Microsoft Configuration Manager or the UE-V ADMX templates (installed with Windows 10, version 1607) to push the SyncMethod = None configuration. - - Use Windows PowerShell or Windows Management Instrumentation (WMI) to set the SyncMethod = None configuration. Restart the device to allow the settings to synchronize. @@ -372,7 +320,6 @@ Restart the device to allow the settings to synchronize. > [!NOTE] > These methods do not work for pooled virtual desktop infrastructure (VDI) environments. - > [!NOTE] > If you set *SyncMethod = None*, any settings changes are saved directly to the server. If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on log off, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path. 
@@ -389,22 +336,13 @@ The VDI template is provided with UE-V and is typically available here after ins Install the UE-V template generator on the device that is used to create custom settings location templates. This device should be able to run the applications that you want to synchronize settings for. You must be a member of the Administrators group on the device that runs the UE-V template generator software. -The UE-V template generator must be installed on a device that uses an NTFS file system. The UE-V template generator software requires .NET Framework 4. For more information, see [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). - - - - +The UE-V template generator must be installed on a device that uses an NTFS file system. The UE-V template generator software requires .NET Framework 1. For more information, see [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). ## Other resources for this feature -- [User Experience Virtualization overview](uev-for-windows.md) - -- [Get started with UE-V](uev-getting-started.md) - -- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) - -- [Administering UE-V](uev-administering-uev.md) - -- [Troubleshooting UE-V](uev-troubleshooting.md) - -- [Technical Reference for UE-V](uev-technical-reference.md) +- [User Experience Virtualization overview](uev-for-windows.md) +- [Get started with UE-V](uev-getting-started.md) +- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) +- [Administering UE-V](uev-administering-uev.md) +- [Troubleshooting UE-V](uev-troubleshooting.md) +- [Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md index 995f79f988..b59b289e49 100644 --- a/windows/configuration/ue-v/uev-release-notes-1607.md +++ b/windows/configuration/ue-v/uev-release-notes-1607.md 
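Review bot: The template generator requirement on the new side reads `.NET Framework 1`, where the removed line said `.NET Framework 4`. This looks like a side effect of the ordered-list renumbering elsewhere in the commit (a sentence-final `4.` treated as a list marker) rather than an intended change. The prerequisites table in an earlier hunk of this file still lists .NET Framework 4.5 or higher, so the new sentence contradicts it. The sentence should be restored to `The UE-V template generator software requires .NET Framework 4.`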
@@ -1,24 +1,12 @@ --- title: User Experience Virtualization (UE-V) Release Notes description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that isn't included in the UE-V documentation. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # User Experience Virtualization (UE-V) Release Notes -**Applies to** -- Windows 10, version 1607 - This topic includes information required to successfully install and use UE-V that isn't included in the User Experience Virtualization (UE-V) documentation. If there are differences between the information in this topic and other UE-V topics, the latest change should be considered authoritative. ### Company Settings Center removed in UE-V for Windows 10, version 1607 
@@ -62,7 +50,7 @@ WORKAROUND: Install only one version of Office or limit which settings are synch ### Uninstallation and reinstallation of Windows 8 applications reverts settings to initial state -While UE-V settings synchronization is being used for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application’s settings but doesn't remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications. +While UE-V settings synchronization is being used for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application's settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application's settings but doesn't remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications. WORKAROUND: None. 
@@ -103,17 +91,10 @@ WORKAROUND: None **Additional resources for this feature** - [UE-V Registry Settings](/troubleshoot/windows-client/ue-v/ue-v-registry-settings) - - [How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V)](/troubleshoot/windows-client/ue-v/enable-debug-logging) - -- [User Experience Virtualization](uev-for-windows.md) - -- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) - -- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) - -- [Administering UE-V](uev-administering-uev.md) - -- [Troubleshooting UE-V](uev-troubleshooting.md) - -- [Technical Reference for UE-V](uev-technical-reference.md) +- [User Experience Virtualization](uev-for-windows.md) +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) +- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) +- [Administering UE-V](uev-administering-uev.md) +- [Troubleshooting UE-V](uev-troubleshooting.md) +- [Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md index 0f2220b76e..b0ba65c8c5 100644 --- a/windows/configuration/ue-v/uev-security-considerations.md +++ b/windows/configuration/ue-v/uev-security-considerations.md 
@@ -1,48 +1,33 @@ --- title: Security Considerations for UE-V description: Learn about accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V). -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Security Considerations for UE-V -**Applies to** -- Windows 10, version 1607 - This topic contains a brief overview of accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V). For more information, follow the links that are provided here. ## Security considerations for UE-V configuration - > [!IMPORTANT] > When you create the settings storage share, limit the share access to users who require access. Because settings packages might contain personal information, you should take care to protect them as much as possible. In general, do the following steps: -- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users. +- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users. +- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share isn't visible in My Network Places. +- Only give users the minimum number of permissions that they must have. The following tables show the required permissions. -- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share isn't visible in My Network Places. - -- Only give users the minimum number of permissions that they must have. 
The following tables show the required permissions. - -1. Set the following share-level SMB permissions for the setting storage location folder. +1. Set the following share-level SMB permissions for the setting storage location folder. |User account|Recommended permissions| |--- |--- | |Everyone|No permissions| |Security group of UE-V|Full control| -2. Set the following NTFS file system permissions for the settings storage location folder. +1. Set the following NTFS file system permissions for the settings storage location folder. |User account|Recommended permissions|Folder| |--- |--- |--- | @@ -51,7 +36,7 @@ Because settings packages might contain personal information, you should take ca |Security group of UE-V users|List folder/read data, create folders/append data|This folder only| |Everyone|Remove all permissions|No permissions| -3. Set the following share-level SMB permissions for the settings template catalog folder. +1. Set the following share-level SMB permissions for the settings template catalog folder. |User account|Recommend permissions| |--- |--- | @@ -59,7 +44,7 @@ Because settings packages might contain personal information, you should take ca |Domain computers|Read permission Levels| |Administrators|Read/write permission levels| -4. Set the following NTFS permissions for the settings template catalog folder. +1. Set the following NTFS permissions for the settings template catalog folder. |User account|Recommended permissions|Apply to| |--- |--- |--- | 
@@ -68,25 +53,23 @@ Because settings packages might contain personal information, you should take ca |Everyone|No permissions|No permissions| |Administrators|Full Control|This folder, subfolders, and files| -### Use Windows Server as of Windows Server 2003 to host redirected file shares +### Use Windows Server as of Windows Server 2003 to host redirected file shares User settings package files contain personal information that is transferred between the client computer and the server that stores the settings packages. Because of this process, you should ensure that the data is protected while it travels over the network. User settings data is vulnerable to these potential threats: interception of the data as it passes over the network, tampering with the data as it passes over the network, and spoofing of the server that hosts the data. -As of Windows Server 2003, several features of the Windows Server operating system can help secure user data: +As of Windows Server 2003, several features of the Windows Server operating system can help secure user data: -- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2003. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client doesn't know whether the server is valid. This difference is important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos isn't available on the Microsoft Windows NT Server 4.0 or earlier operating systems. +- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2001. Kerberos ensures the highest level of security to network resources. 
NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client doesn't know whether the server is valid. This difference is important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos isn't available on the Microsoft Windows NT Server 4.0 or earlier operating systems. -- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures that: +- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures that: - - Roamed data is safe from data modification while data is en route. + - Roamed data is safe from data modification while data is en route. + - Roamed data is safe from interception, viewing, or copying. + - Roamed data is safe from access by unauthenticated parties. - - Roamed data is safe from interception, viewing, or copying. - - - Roamed data is safe from access by unauthenticated parties. - -- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. The SMB signing imposes a performance penalty. It doesn't consume any more network bandwidth, but it uses more CPU cycles on the client and server side. +- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. 
The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. The SMB signing imposes a performance penalty. It doesn't consume any more network bandwidth, but it uses more CPU cycles on the client and server side. ### Always use the NTFS file system for volumes that hold user data 
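Review bot: The Kerberos bullet on the new side reads `Windows Server beginning with Windows Server 2001`, while the line it replaces said Windows Server 2003, and the section heading and the "As of Windows Server 2003" sentence in this same hunk still say 2003. The other changes in this hunk appear to be spacing and list-layout cleanup, so this looks like an unintended edit. It leaves the security guidance inconsistent about which server releases provide Kerberos mutual authentication for the settings share. I would restore the original wording: `Windows Server beginning with Windows Server 2003`.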
@@ -107,20 +90,18 @@ This permission configuration enables users to create folders for settings stora > [!NOTE] > Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command: -1. Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`. - -2. Set the registry key value to *1*. +1. Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`. +1. Set the registry key value to *1*. When this configuration setting is in place, the UE-V service verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V service doesn't grant access to the folder. - If you must create folders for the users, ensure that you have the correct permissions set. We strongly recommend that you don't pre-create folders. Instead, let the UE-V service create the folder for the user. ### Ensure correct permissions to store UE-V 2 settings in a home directory or custom directory -If you redirect UE-V settings to a user’s home directory or a custom Active Directory (AD) directory, ensure that the permissions on the directory are set appropriately for your organization. +If you redirect UE-V settings to a user's home directory or a custom Active Directory (AD) directory, ensure that the permissions on the directory are set appropriately for your organization. ### Review the contents of settings location templates and control access to them as needed 
@@ -128,9 +109,8 @@ When a settings location template is being created, the UE-V generator uses a Li If you plan to share settings location templates with anyone outside your organization, you should review all the settings locations and ensure the settings location templates don't contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company: -- **Template Author Name** – Specify a general, non-identifying name for the template author name or exclude this data from the template. - -- **Template Author Email** – Specify a general, non-identifying template author email or exclude this data from the template. +- **Template Author Name** - Specify a general, non-identifying name for the template author name or exclude this data from the template. +- **Template Author Email** - Specify a general, non-identifying template author email or exclude this data from the template. To remove the template author name or template author email, you can use the UE-V generator application. From the generator, select **Edit a Settings Location Template**. Select the settings location template to edit from the recently used templates or Browse to the settings template file. Select **Next** to continue. On the Properties page, remove the data from the Template author name or Template author email text fields. Save the settings location template. diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md index 17d2bba46f..c009f76e63 100644 --- a/windows/configuration/ue-v/uev-sync-methods.md +++ b/windows/configuration/ue-v/uev-sync-methods.md 
@@ -1,50 +1,26 @@ --- title: Sync Methods for UE-V -description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users’ application and Windows settings with the settings storage location. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +description: Learn how User Experience Virtualization (UE-V) service sync methods let you synchronize users' application and Windows settings with the settings storage location. +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Sync Methods for UE-V -**Applies to** -- Windows 10, version 1607 - -The User Experience Virtualization (UE-V) service lets you synchronize users’ application and Windows settings with the settings storage location. The *Sync Method* configuration defines how the UE-V service uploads and downloads those settings to the settings storage location. UE-V includes a SyncMethod called the *SyncProvider*. For more information about trigger events that start the synchronization of application and Windows settings, see [Sync Trigger Events for UE-V](uev-sync-trigger-events.md). +The User Experience Virtualization (UE-V) service lets you synchronize users' application and Windows settings with the settings storage location. The *Sync Method* configuration defines how the UE-V service uploads and downloads those settings to the settings storage location. UE-V includes a SyncMethod called the *SyncProvider*. For more information about trigger events that start the synchronization of application and Windows settings, see [Sync Trigger Events for UE-V](uev-sync-trigger-events.md). 
## SyncMethod Configuration This table provides a description of each SyncMethod configuration: -| **SyncMethod Configuration** | **Description** | -|------------------------------|---------------------| -| SyncProvider (Default) | Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path.
This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn’t delayed for a long period of time.
This functionality is also tied to the Scheduled task – Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on. | -| External | This configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. | -| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available.
Any settings changes are saved directly to the server. If the network connection to the settings storage path isn't available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path isn't found and the user profile is removed from a pooled VDI environment on sign out, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.
Apps and OS will wait indefinitely for the location to be present. This waiting period could cause App load or OS sign-in time to dramatically increase if the location isn't found. | +| **SyncMethod Configuration** | **Description** | +|--|--| +| SyncProvider (Default) | Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path.
This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn't delayed for a long period of time.
This functionality is also tied to the Scheduled task - Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on. | +| External | This configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. | +| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available.
Any settings changes are saved directly to the server. If the network connection to the settings storage path isn't available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path isn't found and the user profile is removed from a pooled VDI environment on sign out, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.
Apps and OS will wait indefinitely for the location to be present. This waiting period could cause App load or OS sign-in time to dramatically increase if the location isn't found. | You can configure the sync method in these ways: -- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings - -- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V - -- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) - - - - - -## Related topics - -[Deploy Required UE-V Features](uev-deploy-required-features.md) - -[Technical Reference for UE-V](uev-technical-reference.md) +- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings +- With the [Configuration Manager Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V +- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) diff --git a/windows/configuration/ue-v/uev-sync-trigger-events.md b/windows/configuration/ue-v/uev-sync-trigger-events.md index 6cae6d66bf..a7347846ca 100644 --- a/windows/configuration/ue-v/uev-sync-trigger-events.md +++ b/windows/configuration/ue-v/uev-sync-trigger-events.md 
@@ -1,24 +1,12 @@ --- title: Sync Trigger Events for UE-V description: Learn how User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Sync Trigger Events for UE-V -**Applies to** -- Windows 10, version 1607 - User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices. *Sync trigger events* define when the UE-V service synchronizes those settings with the settings storage location. For more information about Sync Method configuration, see [Sync Methods for UE-V](uev-sync-methods.md). ## UE-V Sync Trigger Events @@ -38,18 +26,6 @@ The following table explains the trigger events for classic applications and Win ## Related topics - [Technical Reference for UE-V](uev-technical-reference.md) - [Changing the Frequency of UE-V Scheduled Tasks](uev-changing-the-frequency-of-scheduled-tasks.md) - [Choose the Configuration Method for UE-V](uev-deploy-required-features.md) - - - - - - - - - diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md index e06e33e471..8fb7fae374 100644 --- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md +++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md 
@@ -1,37 +1,22 @@ --- title: Synchronizing Microsoft Office with UE-V description: Learn how User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Synchronizing Office with UE-V -**Applies to** -- Windows 10, version 1607 - Microsoft User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. The combination of UE-V and App-V support for Office enables the same experience on virtualized instances of Office from any UE-V-enabled device or virtualized desktop. -To synchronize Office applications settings, you can download Office templates from the [User Experience Virtualization (UE-V) Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V). This resource provides Microsoft-authored UE-V settings location templates and community-developed settings location templates. - ## Microsoft Office support in UE-V -UE-V includes settings location templates for Microsoft Office 2016, 2013, and 2010. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system. +UE-V includes settings location templates for Microsoft Office 2016, 2013, and 201. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. 
Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system. -These templates help synchronize users’ Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience aren't included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)). +These templates help synchronize users' Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience aren't included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)). ## Synchronized Office Settings - Review the following tables for details about Office support in UE-V: ### Supported UE-V templates for Microsoft Office 
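Review bot: In the "Microsoft Office support in UE-V" paragraph the new line lists `Microsoft Office 2016, 2013, and 201`, dropping the last digit of 2010; the removed line and the following sentence ("Office 2013 and Office 2010") both say 2010. The line should read `UE-V includes settings location templates for Microsoft Office 2016, 2013, and 2010.` The same hunk removes the paragraph that linked to the UE-V Template Gallery, yet the entry for this page in uev-technical-reference.md still describes it as guidance for "downloading" the templates, so that description may need a follow-up.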
@@ -50,14 +35,11 @@ Review the following tables for details about Office support in UE-V: You can deploy UE-V settings location template with the following methods: -- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template: - +- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template: ```powershell Register-UevTemplate -Path ``` For more information about using UE-V and Windows PowerShell, see [Managing UE-V settings location templates using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). - -- **Registering template with Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users' computers, copy the Office template into the folder defined in the UE-V service. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploy a settings template catalog](uev-deploy-uev-for-custom-applications.md). - -- **Registering template with Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to user devices. +- **Registering template with Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users' computers, copy the Office template into the folder defined in the UE-V service. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. 
For more information, see [Deploy a settings template catalog](uev-deploy-uev-for-custom-applications.md). +- **Registering template with Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to user devices. diff --git a/windows/configuration/ue-v/uev-technical-reference.md b/windows/configuration/ue-v/uev-technical-reference.md index aa4bde4500..1752c0a857 100644 --- a/windows/configuration/ue-v/uev-technical-reference.md +++ b/windows/configuration/ue-v/uev-technical-reference.md 
@@ -1,72 +1,31 @@ --- title: Technical Reference for UE-V description: Use this technical reference to learn about the various features of User Experience Virtualization (UE-V). -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Technical Reference for UE-V -**Applies to** -- Windows 10, version 1607 - This technical reference section includes additional technical documentation about the various features of User Experience Virtualization (UE-V). This information is provided to help the administrator better understand UE-V. ## Technical reference topics for UE-V - -- [Sync Methods for UE-V](uev-sync-methods.md) - +- [Sync Methods for UE-V](uev-sync-methods.md) Defines how UE-V synchronizes settings between computers and the settings storage location. Sync Provider is the default sync method for UE-V. This topic includes technical reference information for sync methods, including the Sync Provider. - -- [Sync Trigger Events for UE-V](uev-sync-trigger-events.md) - +- [Sync Trigger Events for UE-V](uev-sync-trigger-events.md) Defines when the UE-V service synchronizes those settings with the settings storage location. This topic provides technical reference information about when synchronization takes place based upon the sync method deployed. - -- [Synchronizing Microsoft Office with UE-V](uev-synchronizing-microsoft-office-with-uev.md) - +- [Synchronizing Microsoft Office with UE-V](uev-synchronizing-microsoft-office-with-uev.md) Provides guidance for downloading and enabling the Microsoft-authored UE-V settings location templates that support Microsoft Office settings synchronization. 
- -- [Application Template Schema Reference for UE-V](uev-application-template-schema-reference.md) - +- [Application Template Schema Reference for UE-V](uev-application-template-schema-reference.md) Details the XML structure of UE-V settings location templates and provides guidance for editing these files. - -- [Security Considerations for UE-V](uev-security-considerations.md) - +- [Security Considerations for UE-V](uev-security-considerations.md) Provides a brief overview of accounts, groups, and other security-related considerations for UE-V. ## Other resources for this feature - -- [User Experience Virtualization overview](uev-for-windows.md) - -- [Get Started with UE-V](uev-getting-started.md) - -- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) - -- [Administering UE-V](uev-administering-uev.md) - -- [Troubleshooting UE-V](uev-troubleshooting.md) - - - - - - -  - -  - - - - - +- [User Experience Virtualization overview](uev-for-windows.md) +- [Get Started with UE-V](uev-getting-started.md) +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) +- [Administering UE-V](uev-administering-uev.md) +- [Troubleshooting UE-V](uev-troubleshooting.md) diff --git a/windows/configuration/ue-v/uev-troubleshooting.md b/windows/configuration/ue-v/uev-troubleshooting.md index e27f2c92a6..24eec148f0 100644 --- a/windows/configuration/ue-v/uev-troubleshooting.md +++ b/windows/configuration/ue-v/uev-troubleshooting.md 
@@ -1,47 +1,23 @@ --- title: Troubleshooting UE-V description: Use this technical reference to find resources for troubleshooting User Experience Virtualization (UE-V) for Windows 10. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Troubleshooting UE-V -**Applies to** -- Windows 10, version 1607 - - For information that can help with troubleshooting UE-V for Windows 10, see: - [UE-V FAQ Wiki](https://social.technet.microsoft.com/wiki/contents/articles/35333.ue-v-important-changes-in-ue-v-functionality-after-the-windows-10-anniversary-update.aspx) - - [UE-V: List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14271.ue-v-list-of-microsoft-support-knowledge-base-articles.aspx) - - [User Experience Virtualization Release Notes](uev-release-notes-1607.md) - - [Technical Reference for UE-V](uev-technical-reference.md) - -- [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc) +- [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc) ## Other resources -- [User Experience Virtualization overview](uev-for-windows.md) - -- [Get Started with UE-V](uev-getting-started.md) - -- [Prepare a UE-V deployment](uev-prepare-for-deployment.md) - -- [Administering UE-V](uev-administering-uev.md) - - - - +- [User Experience Virtualization overview](uev-for-windows.md) +- [Get Started with UE-V](uev-getting-started.md) +- [Prepare a UE-V deployment](uev-prepare-for-deployment.md) +- [Administering UE-V](uev-administering-uev.md) diff --git a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md index 12ac8cd14c..c9fa0104b6 100644 
--- a/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md +++ b/windows/configuration/ue-v/uev-upgrade-uev-from-previous-releases.md 
@@ -1,65 +1,45 @@ --- title: Upgrade to UE-V for Windows 10 -description: Use these few adjustments to upgrade from User Experience Virtualization (UE-V) 2.x to the latest version of UE-V. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +description: Use these few adjustments to upgrade from User Experience Virtualization (UE-V) 2.x to the latest version of UE-V. +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # Upgrade to UE-V for Windows 10 -**Applies to** -- Windows 10, version 1607 +If you're already using UE-V 2.x and you're planning to upgrade user devices to Windows 10, version 1607 or later releases, you need to make only a few adjustments to your existing environment. These steps are explained in more detail below. -If you’re already using UE-V 2.x and you’re planning to upgrade user devices to Windows 10, version 1607 or later releases, you need to make only a few adjustments to your existing environment. These steps are explained in more detail below. - -1. Upgrade user devices to Windows 10, version 1607 or later release. - -2. Verify that UE-V settings were migrated correctly. - -3. Set the template storage path to your current template store. - -4. Enable the UE-V service on user devices. - -5. Install the UE-V template generator if you want to synchronize application settings for custom applications. +1. Upgrade user devices to Windows 10, version 1607 or later release. +1. Verify that UE-V settings were migrated correctly. +1. Set the template storage path to your current template store. +1. Enable the UE-V service on user devices. +1. Install the UE-V template generator if you want to synchronize application settings for custom applications. > [!IMPORTANT] -> You can upgrade your existing UE-V installation to Windows 10, version 1607 from UE-V versions 2.1 or 2.0 only. 
If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10, version 1607. +> You can upgrade your existing UE-V installation to Windows 10, version 1607 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you'll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10, version 1607. ## Upgrade user devices to Windows 10, version 1607 -Performing an in-place upgrade on user devices automatically installs the UE-V service, updates the settings location path, and migrates users' UE-V settings. See the [Windows 10 documentation for IT Pros](/windows/deployment/) for information about upgrading user devices to Windows 10. +Performing an in-place upgrade on user devices automatically installs the UE-V service, updates the settings location path, and migrates users' UE-V settings. See the [Windows 10 documentation for IT Pros](/windows/deployment/) for information about upgrading user devices to Windows 10. -## Verify that UE-V settings were migrated correctly +## Verify that UE-V settings were migrated correctly -After upgrading a user device to Windows 10, version 1607, it’s important to verify that UE-V settings and template registrations were migrated correctly during the upgrade. You can verify UE-V settings using Windows PowerShell or the device’s registry. +After upgrading a user device to Windows 10, version 1607, it's important to verify that UE-V settings and template registrations were migrated correctly during the upgrade. You can verify UE-V settings using Windows PowerShell or the device's registry. **To verify UE-V settings using Windows PowerShell** 1. Run PowerShell as Administrator, type **Get-UEVConfiguration**, and press ENTER to view current configurations. - -2. Check that the settings were successfully updated. - -3. Type **Get-UEVTemplate** and press ENTER to check that your templates are still registered. +1. 
Check that the settings were successfully updated. +1. Type **Get-UEVTemplate** and press ENTER to check that your templates are still registered. > [!NOTE] - > You’ll need to register the NotePad template again after you upgrade the device to Windows 10. + > You'll need to register the NotePad template again after you upgrade the device to Windows 1. -**To verify UE-V settings using the device’s registry** +**To verify UE-V settings using the device's registry** 1. In a command prompt, run **Regedit** as Administrator. - -2. Navigate to **HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration.** - -3. Verify that the settings storage path and the settings template catalog path are pointing to the same locations as before you upgraded the device to Windows 10. +1. Navigate to **HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration.** +1. Verify that the settings storage path and the settings template catalog path are pointing to the same locations as before you upgraded the device to Windows 10. ## Set the template storage path to your current template store 
@@ -67,57 +47,40 @@ Template Settings Storage Path will not automatically migrate. Run Set-UEVConfig ## Enable the UE-V service on user devices -The UE-V service is the client-side component that captures user-personalized application and Windows settings and saves them in settings packages. Settings packages are built, locally stored, and copied to the settings storage location. +The UE-V service is the client-side component that captures user-personalized application and Windows settings and saves them in settings packages. Settings packages are built, locally stored, and copied to the settings storage location. -With Windows 10, version 1607 and later, the UE-V service replaces the UE-V Agent and no longer requires a separate download and installation. Enable the service on user devices to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell. +With Windows 10, version 1607 and later, the UE-V service replaces the UE-V Agent and no longer requires a separate download and installation. Enable the service on user devices to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell. > [!IMPORTANT] > The UE-V Agent used in prior releases of UE-V is replaced with the UE service. The UE-V service included with Windows 10, version 1607 and later releases, does not include the agent user interface and is configurable through cmdlets or registry settings only. **To enable the UE-V service with Group Policy** -1. Open the device’s **Group Policy Editor**. - -2. Navigate to **Computer Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**. - -3. Run **Enable UEV** - -4. Restart the device. +1. Open the device's **Group Policy Editor** +1. Navigate to **Computer Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization** +1. Run **Enable UEV** +1. 
Restart the device **To enable the UE-V service with Windows PowerShell** -1. Run PowerShell as Administrator, type **Enable-UEV**, and press ENTER. - -2. Restart the device. - -3. Type **Get-UEVStatus** and press ENTER to verify that the service was successfully enabled. +1. Run PowerShell as Administrator, type **Enable-UEV**, and press ENTER +1. Restart the device +1. Type **Get-UEVStatus** and press ENTER to verify that the service was successfully enabled ## Install the UE-V template generator -The UE-V template generator is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. +The UE-V template generator is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. **To install the UE-V template generator** -1. Go to [Download the Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) to access the ADK. - -2. Select the **Get Windows ADK for Windows 10** button on this page to start the ADK installer. On the screen pictured below, select **Microsoft User Experience Virtualization (UE-V) Template Generator** and then select **Install**. - +1. Select the **Get Windows ADK for Windows 10** button on this page to start the ADK installer. On the screen pictured below, select **Microsoft User Experience Virtualization (UE-V) Template Generator** and then select **Install** ![Selecting UE-V features in ADK.](images/uev-adk-select-uev-feature.png) - -3. To open the generator, open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator**. - - - - +1. 
To open the generator, open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** ## Other resources for this feature -- [UE-V Release Notes](uev-release-notes-1607.md) - -- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) - -- [Administer UE-V](uev-administering-uev.md) - -- [Migrating settings packages](uev-migrating-settings-packages.md) - -- [Technical Reference for UE-V](uev-technical-reference.md) +- [UE-V Release Notes](uev-release-notes-1607.md) +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) +- [Administer UE-V](uev-administering-uev.md) +- [Migrating settings packages](uev-migrating-settings-packages.md) +- [Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md index 85bc1b7d3c..3a5c9b6c5a 100644 --- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md +++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md 
@@ -1,25 +1,12 @@ --- title: Using UE-V with Application Virtualization applications description: Learn how to use User Experience Virtualization (UE-V) with Microsoft Application Virtualization (App-V). -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- - # Using UE-V with Application Virtualization applications -**Applies to** -- Windows 10, version 1607 - User Experience Virtualization (UE-V) supports Microsoft Application Virtualization (App-V) applications without any required modifications to either the App-V package or the UE-V template. However, another step is required because you can't run the UE-V template generator directly on a virtualized App-V application. Instead, you must install the application locally, generate the template, and then apply the template to the virtualized application. UE-V supports App-V for Windows 10 packages and App-V 5.0 packages. ## UE-V settings synchronization for App-V applications 
@@ -28,16 +15,15 @@ UE-V monitors when an application opens by the program name and, optionally, by **To implement settings synchronization for a virtualized application** -1. Run the UE-V template generator to collect the settings of the locally installed application whose settings you want to synchronize between computers. This process creates a settings location template. If you use a built-in template such as a Microsoft Office template, skip this step. For more information about using the UE-V template generator, see [Deploy UE-V for custom applications](uev-deploy-uev-for-custom-applications.md). +1. Run the UE-V template generator to collect the settings of the locally installed application whose settings you want to synchronize between computers. This process creates a settings location template. If you use a built-in template such as a Microsoft Office template, skip this step. For more information about using the UE-V template generator, see [Deploy UE-V for custom applications](uev-deploy-uev-for-custom-applications.md). +1. Install the App-V application package if you haven't already done so. -2. Install the App-V application package if you haven't already done so. - -3. Publish the template to the location of your settings template catalog or manually install the template by using the `Register-UEVTemplate` Windows PowerShell cmdlet. +1. Publish the template to the location of your settings template catalog or manually install the template by using the `Register-UEVTemplate` Windows PowerShell cmdlet. > [!NOTE] > If you publish the newly created template to the settings template catalog, the client does not receive the template until the sync provider updates the settings. To manually start this process, open **Task Scheduler**, expand **Task Scheduler Library**, expand **Microsoft**, and expand **UE-V**. In the results pane, right-click **Template Auto Update**, and then click **Run**. -4. Start the App-V package. +1. Start the App-V package. 
## Related topics diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md index fa2083f4ad..83e3ffd473 100644 --- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md +++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md @@ -1,24 +1,12 @@ --- title: What's New in UE-V for Windows 10, version 1607 description: Learn about what's new in User Experience Virtualization (UE-V) for Windows 10, including new features and capabilities. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- # What's new in UE-V -**Applies to** -- Windows 10, version 1607 - User Experience Virtualization (UE-V) for Windows 10, version 1607, includes these new features and capabilities compared to UE-V 2.1. For more information about the UE-V for Windows 10, version 1607 release, see [UE-V Release notes](uev-release-notes-1607.md). ## UE-V is a feature in Windows 10 
@@ -28,35 +16,33 @@ With Windows 10, version 1607 and later releases, UE-V is included with Windows The changes in UE-V for Windows 10, version 1607 impact already existing implementations of UE-V in the following ways: - The UE-V Agent is replaced by the UE-V service. The UE-V service is installed with Windows 10, version 1607 and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the UE-V service, migrates users' UE-V configurations, and updates the settings storage path. - -- The UE-V template generator is available from the Windows 10 ADK. In previous releases of UE-V, the template generator was included in the Microsoft Desktop Optimization Pack. Although you'll need to use the new template generator to create new settings location templates, existing settings location templates will continue to work. - -- The Company Settings Center was removed and is no longer available on user devices. Users can no longer manage their synchronized settings. - +- The UE-V template generator is available from the Windows 10 ADK. In previous releases of UE-V, the template generator was included in the Microsoft Desktop Optimization Pack. Although you'll need to use the new template generator to create new settings location templates, existing settings location templates will continue to work. +- The Company Settings Center was removed and is no longer available on user devices. Users can no longer manage their synchronized settings. - The inbox templates such as Office 2016 and IE 10 are included as a part of Windows 10 and need to be manually registered with Powershell or Group policy before use. For more information about how to configure an existing UE-V installation after upgrading user devices to Windows 10, see [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md). 
-> **Important**  You can upgrade your existing UE-V installation to Windows 10 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you'll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10. +> [!IMPORTANT] +> You can upgrade your existing UE-V installation to Windows 10 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you'll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10. ## New UE-V template generator is available from the Windows 10 ADK -UE-V for Windows 10 includes a new template generator, available from a new location. If you're upgrading from an existing UE-V installation, you’ll need to use the new generator to create settings location templates. The UE-V for Windows 10 template generator is now available in the [Windows 10 Assessment and Deployment Kit](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK). +UE-V for Windows 10 includes a new template generator, available from a new location. If you're upgrading from an existing UE-V installation, you'll need to use the new generator to create settings location templates. The UE-V for Windows 10 template generator is now available in the [Windows 10 Assessment and Deployment Kit](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) (Windows ADK). ## Company Settings Center removed in UE-V for Windows 10, version 1607 In previous versions of UE-V, users could select which of their customized application settings to synchronize with the Company Settings Center, a user interface that was available on user devices. Additionally, administrators could configure the Company Settings Center to include a link to support resources so that users could easily get support on virtualized settings-related issues. 
-With the release of Windows 10, version 1607, the Company Settings Center was removed and users can no longer manage their synchronized settings. +With the release of Windows 10, version 1607, the Company Settings Center was removed and users can no longer manage their synchronized settings. -Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell. +Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell. >[!Note] >With the removal of the Company Settings Center, the following group policies are no longer applicable: -- Contact IT Link Text -- Contact IT URL -- Tray Icon +- Contact IT Link Text +- Contact IT URL +- Tray Icon ## Compatibility with Microsoft Enterprise State Roaming @@ -66,18 +52,15 @@ In hybrid cloud environments, UE-V can roam Win32 applications on-premises while To configure UE-V to roam Windows desktop and application data only, change the following group policies: -- Disable "Roam Windows settings" group policy - -- Enable "Do not synchronize Windows Apps" group policy +- Disable "Roam Windows settings" group policy +- Enable "Do not synchronize Windows Apps" group policy For more information about using UE-V with Enterprise State Roaming, see [Settings and data roaming FAQ](/azure/active-directory/devices/enterprise-state-roaming-faqs#what-are-the-roaming-settings-options-for-existing-windows-desktop-applications-). Additionally, to enable Windows 10 and UE-V to work together, configure these policy settings in the Microsoft User Experience Virtualization node: -- Enable "Do Not Synchronize Windows Apps" - -- Disable "Sync Windows Settings" - +- Enable "Do Not Synchronize Windows Apps" +- Disable "Sync Windows Settings" ## Settings Synchronization Behavior Changed in UE-V for Windows 10 
@@ -96,40 +79,33 @@ Users can now print to their saved network printers from any network device, inc Printer roaming in UE-V requires one of these scenarios: -- The print server can download the required driver when it roams to a new device. +- The print server can download the required driver when it roams to a new device. +- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer. +- The printer driver can be imported from Windows Update. -- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer. - -- The printer driver can be imported from Windows Update. - -> [!Note] +> [!NOTE] > The UE-V printer roaming feature doesn't roam printer settings or preferences, such as printing double-sided. ## Office 2016 Settings Location Template UE-V for Windows 10, version 1607 includes the Microsoft Office 2016 settings location template with improved Outlook signature support. We've added synchronization of default signature settings for new, reply, and forwarded emails. Users no longer have to choose the default signature settings. -> [!Note] +> [!NOTE] > An Outlook profile must be created on any device on which a user wants to synchronize their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. -UE-V works with Office 365 to determine whether Office 2016 settings are roamed by Office 365. If settings are roamed by Office 365, they aren't roamed by UE-V. For more information, see [Overview of user and roaming settings for Microsoft Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)). +UE-V works with Office 365 to determine whether Office 2016 settings are roamed by Office 361. If settings are roamed by Office 365, they aren't roamed by UE-V. 
For more information, see [Overview of user and roaming settings for Microsoft Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)). To enable settings synchronization using UE-V, do one of the following steps: -- Use Group Policy to disable Office 365 synchronization - -- Don't enable the Office 365 synchronization experience during Office 2013 installation +- Use Group Policy to disable Office 365 synchronization +- Don't enable the Office 365 synchronization experience during Office 2013 installation UE-V includes Office 2016, Office 2013, and Office 2010 templates. ## Related topics - [Microsoft User Experience Virtualization](uev-for-windows.md) - - [Get Started with UE-V](uev-getting-started.md) - - [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) - - [User Experience Virtualization (UE-V) Release Notes](uev-release-notes-1607.md) for Windows 10, version 1607 - - [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) diff --git a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md index 8fca3e87fa..9dc8d45822 100644 --- a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md +++ b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md 
@@ -1,59 +1,40 @@ --- title: Working with Custom UE-V Templates and the UE-V Template Generator description: Create your own custom settings location templates by working with Custom User Experience Virtualization (UE-V) Templates and the UE-V Template Generator. -author: aczechowski -ms.prod: windows-client -ms.collection: - - tier3 - - must-keep -ms.date: 04/19/2017 -ms.reviewer: -manager: aaroncz -ms.author: aaroncz +ms.date: 1/25/2024 ms.topic: article -ms.technology: itpro-configure --- - # Working with custom UE-V templates and the UE-V template generator -**Applies to** -- Windows 10 - User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those settings included in the default templates, you can create your own custom settings location templates with the UE-V template generator. You can also edit or validate custom settings location templates with the UE-V template generator. Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator doesn't create settings location templates for the following types of applications: -- Virtualized applications -- Applications that are offered through Terminal Services -- Java applications -- Windows applications +- Virtualized applications +- Applications that are offered through Terminal Services +- Java applications +- Windows applications ## Standard and non-standard settings locations -The UE-V template generator helps you identify where applications search for settings files and registry settings that applications use to store settings information. The generator discovers settings only in locations that are accessible to a standard user. 
Settings that are stored in other locations are excluded. +The UE-V template generator helps you identify where applications search for settings files and registry settings that applications use to store settings information. The generator discovers settings only in locations that are accessible to a standard user. Settings that are stored in other locations are excluded. Discovered settings are grouped into two categories: **Standard** and **Non-standard**. Standard settings are recommended for synchronization, and UE-V can readily capture and apply them. Non-standard settings can potentially synchronize settings but, because of the rules that UE-V uses, these settings might not consistently or dependably synchronize settings. These settings might depend on temporary files, result in unreliable synchronization, or might not be useful. These settings locations are presented in the UE-V template generator. You can choose to include or exclude them on a case-by-case basis. The UE-V template generator opens the application as part of the discovery process. The generator can capture settings in the following locations: -- **Registry Settings** - Registry locations under **HKEY\_CURRENT\_USER** - -- **Application Settings Files** - Files that are stored under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming** +- **Registry Settings** - Registry locations under **HKEY_CURRENT_USER** +- **Application Settings Files** - Files that are stored under \ **Users** \ [User name] \ **AppData** \ **Roaming** The UE-V template generator excludes locations, which commonly store application software files, but don't synchronize well between user computers or environments. The UE-V template generator excludes these locations. 
Excluded locations are as follows: -- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user can't write values - -- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system - -- All registry keys that are located in the HKEY\_LOCAL\_MACHINE hive, which requires administrator rights and might require to set a User Account Control (UAC) agreement - -- Files that are located in Program Files directories, which requires administrator rights and might require to set a UAC agreement - -- Files that are located under Users \\ \[User name\] \\ AppData \\ LocalLow - -- Windows operating system files that are located in %Systemroot%, which requires administrator rights and might require to set a UAC agreement +- HKEY_CURRENT_USER registry keys and files to which the logged-on user can't write values +- HKEY_CURRENT_USER registry keys and files that are associated with the core functionality of the Windows operating system +- All registry keys that are located in the HKEY_LOCAL_MACHINE hive, which requires administrator rights and might require to set a User Account Control (UAC) agreement +- Files that are located in Program Files directories, which requires administrator rights and might require to set a UAC agreement +- Files that are located under Users \ [User name] \ AppData \ LocalLow +- Windows operating system files that are located in %Systemroot%, which requires administrator rights and might require to set a UAC agreement If registry keys and files that are stored in these locations are required to synchronize application settings, you can manually add the excluded locations to the settings location template during the template creation process. 
@@ -63,56 +44,45 @@ Use the UE-V template generator to edit settings location templates. When the re ### To edit a UE-V settings location template with the UE-V template generator -1. Open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** to open the template generator. +1. Open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** to open the template generator. +1. Click **Edit a settings location template**. +1. In the list of recently used templates, select the template to be edited. Alternatively, click **Browse** to search for the settings template file. Click **Next** to continue. +1. Review the **Properties**, **Registry** locations, and **Files** locations for the settings template. Edit as required. -2. Click **Edit a settings location template**. + - On the **Properties** tab, you can view and edit the following properties: -3. In the list of recently used templates, select the template to be edited. Alternatively, click **Browse** to search for the settings template file. Click **Next** to continue. + - **Application name** The application name that is written in the description of the program file properties. -4. Review the **Properties**, **Registry** locations, and **Files** locations for the settings template. Edit as required. + - **Program name** The name of the program that is taken from the program file properties. This name usually has the .exe file name extension. - - On the **Properties** tab, you can view and edit the following properties: + - **Product version** The product version number of the .exe file of the application. This property, together with the **File version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. 
If this property is empty, then the settings location template applies to all versions of the product. - - **Application name** The application name that is written in the description of the program file properties. + - **File version** The file version number of the .exe file of the application. This property, along with the **Product version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the program. - - **Program name** The name of the program that is taken from the program file properties. This name usually has the .exe file name extension. + - **Template author name** (optional) The name of the settings template author. - - **Product version** The product version number of the .exe file of the application. This property, together with the **File version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, then the settings location template applies to all versions of the product. + - **Template author email** (optional) The email address of the settings location template author. - - **File version** The file version number of the .exe file of the application. This property, along with the **Product version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the program. + - The **Registry** tab lists the **Key** and **Scope** of the registry locations that are included in the settings location template. You can edit the registry locations by using the **Tasks** drop-down menu. In the Tasks menu, you can add new keys, edit the name or scope of existing keys, delete keys, and browse the registry in which the keys are located. 
When you define the scope for the registry, you can use the **All Settings** scope to include all the registry settings under the specified key. Use **All Settings** and **Subkeys** to include all the registry settings under the specified key, subkeys, and subkey settings. - - **Template author name** (optional) The name of the settings template author. + - The **Files** tab lists the file path and file mask of the file locations that are included in the settings location template. You can edit the file locations by using the **Tasks** drop-down menu. In the **Tasks** menu for file locations, you can add new files or folder locations, edit the scope of existing files or folders, delete files or folders, and open the selected location in Windows Explorer. To include all files in the specified folder, leave the file mask empty. - - **Template author email** (optional) The email address of the settings location template author. - - - The **Registry** tab lists the **Key** and **Scope** of the registry locations that are included in the settings location template. You can edit the registry locations by using the **Tasks** drop-down menu. In the Tasks menu, you can add new keys, edit the name or scope of existing keys, delete keys, and browse the registry in which the keys are located. When you define the scope for the registry, you can use the **All Settings** scope to include all the registry settings under the specified key. Use **All Settings** and **Subkeys** to include all the registry settings under the specified key, subkeys, and subkey settings. - - - The **Files** tab lists the file path and file mask of the file locations that are included in the settings location template. You can edit the file locations by using the **Tasks** drop-down menu. In the **Tasks** menu for file locations, you can add new files or folder locations, edit the scope of existing files or folders, delete files or folders, and open the selected location in Windows Explorer. 
To include all files in the specified folder, leave the file mask empty. - -5. Click **Save** to save the changes to the settings location template. - -6. Click **Close** to close the Settings Template Wizard. Exit the UE-V template generator application. +1. Click **Save** to save the changes to the settings location template. +1. Click **Close** to close the Settings Template Wizard. Exit the UE-V template generator application. After you edit the settings location template for an application, you should test the template. Deploy the revised settings location template in a lab environment before you put it into production in the enterprise. ### How to manually edit a settings location template -1. Create a local copy of the settings location template .xml file. UE-V settings location templates are .xml files that identify the locations where application store settings values. - +1. Create a local copy of the settings location template .xml file. UE-V settings location templates are .xml files that identify the locations where application store settings values. > [!NOTE] > A settings location template is unique because of the template **ID**. If you copy the template and rename the .xml file, template registration fails because UE-V reads the template **ID** tag in the .xml file to determine the name, not the file name of the .xml file. UE-V also reads the **Version** number to know if anything has changed. If the version number is higher, UE-V updates the template. - -2. Open the settings location template file with an XML editor. - -3. Edit the settings location template file. All changes must conform to the UE-V schema file that is defined in [SettingsLocationTempate.xsd](uev-application-template-schema-reference.md). By default, a copy of the .xsd file is located in \\ProgramData\\Microsoft\\UEV\\Templates. - -4. Increment the **Version** number for the settings location template. - -5. Save the settings location template file, and then close the XML editor. 
- -6. Validate the modified settings location template file by using the UE-V template generator. - -7. You must register the edited UE-V settings location template before it can synchronize settings between client computers. To register a template, open Windows PowerShell, and then run the following cmdlet: `update-uevtemplate [templatefilename]`. You can then copy the file to the settings storage catalog. The UE-V Agent on users' computers should then update as scheduled in the scheduled task. +1. Open the settings location template file with an XML editor. +1. Edit the settings location template file. All changes must conform to the UE-V schema file that is defined in [SettingsLocationTempate.xsd](uev-application-template-schema-reference.md). By default, a copy of the .xsd file is located in \ProgramData\Microsoft\UEV\Templates. +1. Increment the **Version** number for the settings location template. +1. Save the settings location template file, and then close the XML editor. +1. Validate the modified settings location template file by using the UE-V template generator. +1. You must register the edited UE-V settings location template before it can synchronize settings between client computers. To register a template, open Windows PowerShell, and then run the following cmdlet: `update-uevtemplate [templatefilename]`. You can then copy the file to the settings storage catalog. The UE-V Agent on users' computers should then update as scheduled in the scheduled task. ## Validate settings location templates with the UE-V template generator 
@@ -120,15 +90,11 @@ It's possible to create or edit settings location templates in an XML editor wit To validate a UE-V settings location template with the UE-V template generator: -1. Open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** to open the template generator. - -2. Click **Validate a settings location template**. - -3. In the list of recently used templates, select the template to be edited. Alternatively, you can **Browse** to the settings template file. Click **Next** to continue. - -4. Click **Validate** to continue. - -5. Click **Close** to close the Settings Template Wizard. Exit the UE-V template generator application. +1. Open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** to open the template generator. +1. Click **Validate a settings location template**. +1. In the list of recently used templates, select the template to be edited. Alternatively, you can **Browse** to the settings template file. Click **Next** to continue. +1. Click **Validate** to continue. +1. Click **Close** to close the Settings Template Wizard. Exit the UE-V template generator application. After you validate the settings location template for an application, you should test the template. Deploy the template in a lab environment before you put it into a production environment in enterprise. 
@@ -136,19 +102,14 @@ To validate a UE-V settings location template with the UE-V template generator: ## Share settings location templates with the Template Gallery -The [User Experience Virtualization Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V) enables administrators to share their UE-V settings location templates. Upload your settings location templates to the gallery for other users to use, and download templates that other users have created. - Before you share a settings location template on the UE-V template gallery, ensure it doesn't contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share a template with anyone outside your company. -- Template Author Name – Specify a general, non-identifying name for the template author name or exclude this data from the template. - -- Template Author Email – Specify a general, non-identifying template author email or exclude this data from the template. +- Template Author Name - Specify a general, non-identifying name for the template author name or exclude this data from the template. +- Template Author Email - Specify a general, non-identifying template author email or exclude this data from the template. Before you deploy any settings location template that you've downloaded from the UE-V gallery, you should first test the template to ensure that the application settings synchronize settings correctly in a test environment. - ## Related topics [Administering UE-V](uev-administering-uev.md) - [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md) diff --git a/windows/configuration/wcd/toc.yml b/windows/configuration/wcd/toc.yml new file mode 100644 index 0000000000..6ccbe0c362 --- /dev/null +++ b/windows/configuration/wcd/toc.yml 
@@ -0,0 +1,111 @@
+items:
+- name: Windows Configuration Designer provisioning settings (reference)
+ href: wcd.md
+- name: Changes to settings in Windows Configuration Designer
+ href: wcd-changes.md
+- name: AccountManagement
+ href: wcd-accountmanagement.md
+- name: Accounts
+ href: wcd-accounts.md
+- name: ADMXIngestion
+ href: wcd-admxingestion.md
+- name: AssignedAccess
+ href: wcd-assignedaccess.md
+- name: Browser
+ href: wcd-browser.md
+- name: CellCore
+ href: wcd-cellcore.md
+- name: Cellular
+ href: wcd-cellular.md
+- name: Certificates
+ href: wcd-certificates.md
+- name: CleanPC
+ href: wcd-cleanpc.md
+- name: Connections
+ href: wcd-connections.md
+- name: ConnectivityProfiles
+ href: wcd-connectivityprofiles.md
+- name: CountryAndRegion
+ href: wcd-countryandregion.md
+- name: DesktopBackgroundAndColors
+ href: wcd-desktopbackgroundandcolors.md
+- name: DeveloperSetup
+ href: wcd-developersetup.md
+- name: DeviceFormFactor
+ href: wcd-deviceformfactor.md
+- name: DeviceManagement
+ href: wcd-devicemanagement.md
+- name: DeviceUpdateCenter
+ href: wcd-deviceupdatecenter.md
+- name: DMClient
+ href: wcd-dmclient.md
+- name: EditionUpgrade
+ href: wcd-editionupgrade.md
+- name: FirewallConfiguration
+ href: wcd-firewallconfiguration.md
+- name: FirstExperience
+ href: wcd-firstexperience.md
+- name: Folders
+ href: wcd-folders.md
+- name: HotSpot
+ href: wcd-hotspot.md
+- name: KioskBrowser
+ href: wcd-kioskbrowser.md
+- name: Licensing
+ href: wcd-licensing.md
+- name: Location
+ href: wcd-location.md
+- name: Maps
+ href: wcd-maps.md
+- name: NetworkProxy
+ href: wcd-networkproxy.md
+- name: NetworkQOSPolicy
+ href: wcd-networkqospolicy.md
+- name: OOBE
+ href: wcd-oobe.md
+- name: Personalization
+ href: wcd-personalization.md
+- name: Policies
+ href: wcd-policies.md
+- name: Privacy
+ href: wcd-privacy.md
+- name: ProvisioningCommands
+ href: wcd-provisioningcommands.md
+- name: SharedPC
+ href: wcd-sharedpc.md
+- name: SMISettings
+ href: wcd-smisettings.md
+- name: Start
+ href: wcd-start.md
+- name: StartupApp
+ href: wcd-startupapp.md
+- name: StartupBackgroundTasks
+ href: wcd-startupbackgroundtasks.md
+- name: StorageD3InModernStandby
+ href: wcd-storaged3inmodernstandby.md
+- name: SurfaceHubManagement
+ href: wcd-surfacehubmanagement.md
+- name: TabletMode
+ href: wcd-tabletmode.md
+- name: TakeATest
+ href: wcd-takeatest.md
+- name: Time
+ href: wcd-time.md
+- name: UnifiedWriteFilter
+ href: wcd-unifiedwritefilter.md
+- name: UniversalAppInstall
+ href: wcd-universalappinstall.md
+- name: UniversalAppUninstall
+ href: wcd-universalappuninstall.md
+- name: UsbErrorsOEMOverride
+ href: wcd-usberrorsoemoverride.md
+- name: WeakCharger
+ href: wcd-weakcharger.md
+- name: WindowsHelloForBusiness
+ href: wcd-windowshelloforbusiness.md
+- name: WindowsTeamSettings
+ href: wcd-windowsteamsettings.md
+- name: WLAN
+ href: wcd-wlan.md
+- name: Workplace
+ href: wcd-workplace.md
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-accountmanagement.md b/windows/configuration/wcd/wcd-accountmanagement.md
index 0b571541ae..9ae273a3e2 100644
--- a/windows/configuration/wcd/wcd-accountmanagement.md
+++ b/windows/configuration/wcd/wcd-accountmanagement.md
@@ -1,16 +1,8 @@ --- -title: AccountManagement (Windows 10) +title: AccountManagement description: This section describes the account management settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # AccountManagement (Windows Configuration Designer reference) 
@@ -21,16 +13,15 @@ Use these settings to configure the Account Manager service. | Settings | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| [DeletionPolicy](#deletionpolicy) | | | ✔️ | | -| [EnableProfileManager](#enableprofilemanager) | | | ✔️ | | -| [ProfileInactivityThreshold](#profileinactivitythreshold) | | | ✔️ | | -| [StorageCapacityStartDeletion](#storagecapacitystartdeletion) | | | ✔️ | | -| [StorageCapacityStopDeletion](#storagecapacitystopdeletion) | | | ✔️ | | +| [DeletionPolicy](#deletionpolicy) | | | ✅ | | +| [EnableProfileManager](#enableprofilemanager) | | | ✅ | | +| [ProfileInactivityThreshold](#profileinactivitythreshold) | | | ✅ | | +| [StorageCapacityStartDeletion](#storagecapacitystartdeletion) | | | ✅ | | +| [StorageCapacityStopDeletion](#storagecapacitystopdeletion) | | | ✅ | | >[!NOTE] >Although the AccountManagement settings are available in advanced provisioning for other editions, you should only use them for HoloLens devices. - ## DeletionPolicy Use this setting to set a policy for deleting accounts. @@ -43,7 +34,6 @@ Use this setting to set a policy for deleting accounts. Set as **True** to enable automatic account management. If this is not set to **True**, no automatic account management will occur. - ## ProfileInactivityThreshold If you set **DeletionPolicy** as **Delete at storage capacity threshold and profile inactivity threshold**, use this setting to configure the number of days after which an account that has not signed in will be deleted. diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md index 20e2c8f6fc..69e8725d39 100644 --- a/windows/configuration/wcd/wcd-accounts.md +++ b/windows/configuration/wcd/wcd-accounts.md 
@@ -1,16 +1,8 @@ --- -title: Accounts (Windows 10) +title: Accounts description: This section describes the account settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # Accounts (Windows Configuration Designer reference) @@ -20,11 +12,10 @@ Use these settings to join a device to an Active Directory domain or a Microsoft ## Applies to | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [Azure](#azure) | ✔️ | ✔️ | ✔️ | | -| [ComputerAccount](#computeraccount) | ✔️ | ✔️ | | ✔️ | -| [Users](#users) | ✔️ | ✔️ | ✔️ | | - +| --- | :---: | :---: | :---: | :---: | +| [Azure](#azure) | ✅ | ✅ | ✅ | | +| [ComputerAccount](#computeraccount) | ✅ | ✅ | | ✅ | +| [Users](#users) | ✅ | ✅ | ✅ | | ## Azure 
@@ -44,7 +35,7 @@ Specifies the settings you can configure when joining a device to a domain, incl | --- | --- | --- | | Account | String | Account to use to join computer to domain | | AccountOU | Enter the full path for the organizational unit. For example: OU=testOU,DC=domain,DC=Domain,DC=com. | Name of organizational unit for the computer account | -| ComputerName | On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit doesn't count the length of the macros, including `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10 version 1709 and earlier releases, use the **ComputerName** setting under **Accounts**. | Specifies the name of the Windows device (computer name on PCs) | +| ComputerName | On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 61. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit doesn't count the length of the macros, including `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. 
To change this setting in Windows 10 version 1709 and earlier releases, use the **ComputerName** setting under **Accounts**. | Specifies the name of the Windows device (computer name on PCs) | | DomainName | String (can't be empty) | Specify the name of the domain that the device will join | | Password | String (can't be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain. | diff --git a/windows/configuration/wcd/wcd-admxingestion.md b/windows/configuration/wcd/wcd-admxingestion.md index 9af5c203a8..b5e3447233 100644 --- a/windows/configuration/wcd/wcd-admxingestion.md +++ b/windows/configuration/wcd/wcd-admxingestion.md 
@@ -1,98 +1,74 @@ --- -title: ADMXIngestion (Windows 10) +title: ADMXIngestion description: This section describes the ADMXIngestion settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # ADMXIngestion (Windows Configuration Designer reference) -Starting in Windows 10, version 1703, you can import (*ingest*) Group Policy administrative templates (ADMX files) and configure values for ADMX-backed policies in a provisioning package. To see which types of ADMX-backed policies can be applied, see [Win32 and Desktop Bridge app policy configuration overview](/windows/client-management/mdm/win32-and-centennial-app-policy-configuration). +Starting in Windows 10, version 1703, you can import (*ingest*) Group Policy administrative templates (ADMX files) and configure values for ADMX-backed policies in a provisioning package. To see which types of ADMX-backed policies can be applied, see [Win32 and Desktop Bridge app policy configuration overview](/windows/client-management/mdm/win32-and-centennial-app-policy-configuration). + +- The settings under [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) allow you to set values for policies in the imported ADMX file. -- The settings under [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) allow you to set values for policies in the imported ADMX file. - The settings under [ConfigOperations](#configoperations) specify the ADMX file to be imported. - >[!IMPORTANT] >Only device scope policies (class="Machine" or class="Both") can be set using a provisioning package. 
## Applies to | Setting groups | Windows client | Surface Hub | HoloLens | IoT Enterprise | -| --- | :---: | :---: | :---: | :---: | -| [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) | ✔️ | | | ✔️ | -| [ConfigOperations](#configoperations) | ✔️ | | | ✔️ | +|--|:-:|:-:|:-:|:-:| +| [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) | ✅ | | | ✅ | +| [ConfigOperations](#configoperations) | ✅ | | | ✅ | ## ConfigOperations Use **ConfigOperations** to import ADMX policies from an ADMX file. -1. Enter an app name, and then click **Add**. - +1. Enter an app name, and then click **Add**. This can be any name you assign, so choose something descriptive to help you identify its purpose. For example, if you are importing ADMX for Chromium Edge, enter an app name. - Example, `MSEdgeEfficiencyMode` - -2. Select the app name in the Customizations pane, select a setting type, and then click **Add**. - - The choices, **Policy** and **Preference**, have no impact on the behavior of the settings, and are only provided for your convenience should you want to categorize the settings you add. - -3. Select the setting type in the Customizations pane. In the **AdmxFileUid** field, enter the name of the ADMX file or a unique ID for the file, and then click **Add**. - - The **AdmxFileUid** can be any string, but must be unique in the provisioning package. Using the name of the ADMX file will help you identify the file in the future. - +1. Select the app name in the Customizations pane, select a setting type, and then click **Add**. + The choices, **Policy** and **Preference**, have no impact on the behavior of the settings, and are only provided for your convenience should you want to categorize the settings you add. +1. Select the setting type in the Customizations pane. In the **AdmxFileUid** field, enter the name of the ADMX file or a unique ID for the file, and then click **Add**. + The **AdmxFileUid** can be any string, but must be unique in the provisioning package. 
Using the name of the ADMX file will help you identify the file in the future. Example, `MSEdgeEfficiencyMode` >[!NOTE] - >Keeping the AdmxFileUid and AppName the same will help prevent authorizing errors. + >Keeping the AdmxFileUid and AppName the same will help prevent authorizing errors. -4. Select the AdmxFileUid in the Customizations pane, and paste the contents of the ADMX file in the text field. Before copying the contents of the ADMX file, you must convert it to a single-line. See [Convert multi-line to single line](#convert) for instructions. +1. Select the AdmxFileUid in the Customizations pane, and paste the contents of the ADMX file in the text field. Before copying the contents of the ADMX file, you must convert it to a single-line. See [Convert multi-line to single line](#convert) for instructions. >[!NOTE] - >When you have a large ADMX file, you may want to only include specific settings. Instead of pasting in the entire ADMX file, you can paste just one or more specific policies (after converting them to single-line). - + >When you have a large ADMX file, you may want to only include specific settings. Instead of pasting in the entire ADMX file, you can paste just one or more specific policies (after converting them to single-line). + Example, EfficiencyMode ```XML ``` - -5. Repeat for each ADMX, or set of ADMX policies, that you want to add, and then configure [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) for each one. + +1. Repeat for each ADMX, or set of ADMX policies, that you want to add, and then configure [ConfigADMXInstalledPolicy](#configadmxinstalledpolicy) for each one. - ## ConfigADMXInstalledPolicy >[!IMPORTANT] ->Configure the settings to import the ADMX file in [ConfigOperations](#configoperations) first. +>Configure the settings to import the ADMX file in [ConfigOperations](#configoperations) first. In **ConfigADMXInstalledPolicy**, you provide a policy setting and value for that policy from the imported ADMX. 
You will need information from the ADMX that you import in **ConfigOperations** to complete **ConfigADMXInstalledPolicy**. 1. Enter an area name, and then click **Add**. The structure of the area name is the following: - `~~` - - See [Category and policy in ADMX](#category-and-policy-in-admx) for more information. A setting may have multiple levels of category names, as in the following example. - + See [Category and policy in ADMX](#category-and-policy-in-admx) for more information. A setting may have multiple levels of category names, as in the following example. Example: `MSEdgeEfficiencyMode~Policy~microsoft_edge~Performance` - -2. Select the area name in the Customization pane, enter a policy name from the ADMX, and then click **Add**. - +1. Select the area name in the Customization pane, enter a policy name from the ADMX, and then click **Add**. Example, `EfficiencyMode`. - -3. Select the policy name in the Customization pane, and then enter a value from the ADMX in the text field. - +1. Select the policy name in the Customization pane, and then enter a value from the ADMX in the text field. Example, ``. - ## Category and policy in ADMX The following samples show the ADMX file for Chromium Edge used in the examples in the procedures above. The first sample highlights the category names. @@ -141,7 +117,6 @@ The next sample highlights the specific policy. ``` - ## Convert multi-line to single line Use the following PowerShell cmdlet to remove carriage returns and line feeds from a multi-line file to create a single-line file that you can paste in **AdmxFileUid**. @@ -153,6 +128,7 @@ $inputFile = "input.admx" ``` ## Configuration Samples + Example: Edge Efficiency Mode ```XML diff --git a/windows/configuration/wcd/wcd-assignedaccess.md b/windows/configuration/wcd/wcd-assignedaccess.md index 0e3964d49e..5e4bc0c513 100644 --- a/windows/configuration/wcd/wcd-assignedaccess.md +++ b/windows/configuration/wcd/wcd-assignedaccess.md 
@@ -1,16 +1,8 @@ --- -title: AssignedAccess (Windows 10) +title: AssignedAccess description: This section describes the AssignedAccess setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # AssignedAccess (Windows Configuration Designer reference) @@ -20,14 +12,13 @@ Use this setting to configure single use (kiosk) devices. ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [AssignedAccessSettings](#assignedaccesssettings) | ✔️ | | ✔️ | | -| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | ✔️ | | ✔️ | | - +|--|:-:|:-:|:-:|:-:| +| [AssignedAccessSettings](#assignedaccesssettings) | ✅ | | ✅ | | +| [MultiAppAssignedAccessSettings](#multiappassignedaccesssettings) | ✅ | | ✅ | | ## AssignedAccessSettings -Enter the account and the application you want to use for Assigned access, using [the AUMID](../find-the-application-user-model-id-of-an-installed-app.md). When that user account signs in on the device, only the specified app will run. +Enter the account and the application you want to use for Assigned access, using [the AUMID](../find-the-application-user-model-id-of-an-installed-app.md). When that user account signs in on the device, only the specified app will run. **Example**: 
@@ -41,8 +32,8 @@ Enter the account and the application you want to use for Assigned access, using Use this setting to configure a kiosk device that runs more than one app. 1. Create an assigned access configuration XML file for multiple apps [(desktop](../lock-down-windows-10-to-specific-apps.md) or [HoloLens)](/hololens/hololens-provisioning). -2. In Windows Configuration Designer, select **MultiAppAssignedAccessSettings**. -3. Browse to and select the assigned access configuration XML file. +1. In Windows Configuration Designer, select **MultiAppAssignedAccessSettings**. +1. Browse to and select the assigned access configuration XML file. ## Related topics diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md index 3168b7df93..9a9a98aa23 100644 --- a/windows/configuration/wcd/wcd-browser.md +++ b/windows/configuration/wcd/wcd-browser.md @@ -1,16 +1,8 @@ --- -title: Browser (Windows 10) +title: Browser description: This section describes the Browser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 10/02/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # Browser (Windows Configuration Designer reference) 
@@ -20,13 +12,12 @@ Use to configure browser settings that should only be set by OEMs who are part o ## Applies to | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [AllowPrelaunch](#allowprelaunch) | | ✔️ | | | -| [FavoriteBarItems](#favoritebaritems) | ✔️ | | | | +|--|:-:|:-:|:-:|:-:| +| [AllowPrelaunch](#allowprelaunch) | | ✅ | | | +| [FavoriteBarItems](#favoritebaritems) | ✅ | | | | | [Favorites](#favorites) | | | | | -| [PartnerSearchCode](#partnersearchcode) | ✔️ | ✔️ | | | -| [SearchProviders](#searchproviders) | | | | | - +| [PartnerSearchCode](#partnersearchcode) | ✅ | ✅ | | | +| [SearchProviders](#searchproviders) | | | | | ## AllowPrelaunch 
@@ -39,13 +30,13 @@ Select between **Prevent Pre-launching** and **Allow Pre-launching**. Use to add items to the Favorites Bar in Microsoft Edge. 1. Enter a name for the item, and select **Add**. (The name you enter here's only used to distinguish the group of settings, and isn't shown on the device when the settings are applied.) -2. In **Available customizations**, select the item that you added, and then configure the following settings for that item: +1. In **Available customizations**, select the item that you added, and then configure the following settings for that item: -Setting | Description ---- | --- -ItemFavIconFile | Enter the path to the icon file, local to the device where the browser will run. The icon file must be added to the device to the specified path. -ItemName | Enter the name for the item, which will be displayed on the Favorites Bar. -ItemUrl | Enter the target URL for the item. +| Setting | Description | +|--|--| +| ItemFavIconFile | Enter the path to the icon file, local to the device where the browser will run. The icon file must be added to the device to the specified path. | +| ItemName | Enter the name for the item, which will be displayed on the Favorites Bar. | +| ItemUrl | Enter the target URL for the item. | ## Favorites 
@@ -54,11 +45,9 @@ Use to configure the default list of Favorites that show up in the browser. To add a new item under the browser's **Favorites** list: 1. In the **Name** field, enter a friendly name for the item, and then click **Add**. +1. In the **Available customizations** pane, select the friendly name that you created, and in the text field, enter the URL for the item. -2. In the **Available customizations** pane, select the friendly name that you created, and in the text field, enter the URL for the item. - -For example, to include the corporate Web site to the list of browser favorites, a company called Contoso can specify **Contoso** as the value for the name and `http://www.contoso.com` for the URL. - +For example, to include the corporate Web site to the list of browser favorites, a company called Contoso can specify **Contoso** as the value for the name and `http://www.contoso.com` for the URL. ## PartnerSearchCode @@ -69,16 +58,13 @@ Set the value to a character string that corresponds to the OEM's Partner Search OEMs who are part of the program only have one PartnerSearchCode which should be used for all Windows 10 for desktop editions images. - - - ## SearchProviders Contains the settings you can use to configure the default and other search providers. ### Default -Use *Default* to specify a name that matches one of the search providers you enter in [SearchProviderList](#searchproviderlist). If you don't specify a default search provider, this search provider will default to Microsoft Bing. +Use *Default* to specify a name that matches one of the search providers you enter in [SearchProviderList](#searchproviderlist). If you don't specify a default search provider, this search provider will default to Microsoft Bing. #### Specific region guidance 
@@ -87,17 +73,13 @@ Some countries/regions require specific, default search providers. The following >[!NOTE] >For Russia + Commonwealth of Independent States (CIS), the independent states consist of Russia, Ukraine, Georgia, The Republic of Azerbaijan, Republic Of Belarus, The Republic of Kazakhstan, The Kyrgyz Republic, The Republic of Moldova, The Republic of Tajikistan, The Republic of Armenia, Turkmenistan, The Republic of Uzbekistan, and Türkiye. - - ### SearchProviderList Use to specify a list of extra search providers. 1. In the **Name** field, enter a name for the item, and then click **Add**. - -2. In the **Available customizations** pane, select the name that you created, and in the text field, enter the URL for the other search provider. +1. In the **Available customizations** pane, select the name that you created, and in the text field, enter the URL for the other search provider. For example, to specify Yandex in Russia and Commonwealth of Independent States (CIS), set the value of URL to "https://yandex.ru/search/touch/?text={searchTerm}&clid=2234144". When configured with multiple search providers, the browser can display up to 10 search providers. - diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md index f9f8b16187..398715ccad 100644 --- a/windows/configuration/wcd/wcd-cellcore.md +++ b/windows/configuration/wcd/wcd-cellcore.md 
@@ -1,21 +1,13 @@ --- -title: CellCore (Windows 10) +title: CellCore description: This section describes the CellCore settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 10/02/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # CellCore (Windows Configuration Designer reference) ->Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore isn't available in Windows 10, version 1809. +>Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore isn't available in Windows 10, version 1801. Use to configure settings for cellular data. 
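Review bot: The CellCore intro line added in this hunk says `CellCore isn't available in Windows 10, version 1801`, where the line it replaces said 1809. 1801 is not a Windows 10 release, and the sentence now contradicts its own "version 1803 and earlier" clause, so it should read `>Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore isn't available in Windows 10, version 1809.` Two later hunks of wcd-cellcore.md, which otherwise only change whitespace and punctuation, carry the same kind of silent value change. The Slot2ExcludedSystemTypes row now says "Slot 1" twice where the removed row said "Slot 2", although the row still ends with "any SIM inserted in Slot 2 will be limited to 2G", and the GSM8BitEncodingPage row narrows the OEM code page range from 55050–55099 to 55050–55091. Someone provisioning from the new text could apply the system-type restriction or choose a code page ID against the wrong target, so these values should be restored from the removed lines unless the change is intentional and sourced.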
@@ -23,45 +15,47 @@ Use to configure settings for cellular data. >These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and aren't intended for use by administrators in the enterprise. ## Applies to -|Setting groups | Windows client | Surface Hub | HoloLens | IoT Core| -|:---|:---:|:---:|:---:|:---:| -|PerDevice: [CellConfigurations](#cellconfigurations)| | | | | -|PerDevice: [CellData](#celldata) |✔️|✔️| | | -|PerDevice: [CellUX](#cellux)| ✔️ |✔️| | | -|PerDevice: [CGDual](#cgdual)| | | | | -|PerDevice: [eSim](#esim) | ✔️ | ✔️ | | | -|PerDevice: [External](#external) | | | | | -|PerDevice: [General](#general) | | | | | -|PerDevice: [RCS](#rcs)| | | | | -|PerDevice: [SMS](#sms)| ✔️ | ✔️ | | -|PerDevice: [UIX](#uix)| | | | | -|PerDevice: [UTK](#utk)| | | | | -|PerIMSI: [CellData](#celldata2)| | | | | -|PerIMSI: [CellUX](#cellux2)| | | | | -|PerIMSI: [General](#general2)| | | | | -|PerIMSI: [RCS](#rcs2)| | | | | -|PerIMSI: [SMS](#sms2)|✔️|✔️| | | -|PerIMSI: [UTK](#utk2)| | | | | -|PerIMSI: [VoLTE](#volte)| | | | | + +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +|:-|:-:|:-:|:-:|:-:| +| PerDevice: [CellConfigurations](#cellconfigurations) | | | | | +| PerDevice: [CellData](#celldata) | ✅ | ✅ | | | +| PerDevice: [CellUX](#cellux) | ✅ | ✅ | | | +| PerDevice: [CGDual](#cgdual) | | | | | +| PerDevice: [eSim](#esim) | ✅ | ✅ | | | +| PerDevice: [External](#external) | | | | | +| PerDevice: [General](#general) | | | | | +| PerDevice: [RCS](#rcs) | | | | | +| PerDevice: [SMS](#sms) | ✅ | ✅ | | +| PerDevice: [UIX](#uix) | | | | | +| PerDevice: [UTK](#utk) | | | | | +| PerIMSI: [CellData](#celldata2) | | | | | +| PerIMSI: [CellUX](#cellux2) | | | | | +| PerIMSI: [General](#general2) | | | | | +| PerIMSI: [RCS](#rcs2) | | | | | +| PerIMSI: [SMS](#sms2) | ✅ | ✅ | | | +| PerIMSI: [UTK](#utk2) | | | | | +| PerIMSI: [VoLTE](#volte) | | | | | ## PerDevice ### CellConfigurations -1. 
In **CellConfiguration** > **PropertyGroups**, enter a name for the property group. -2. Select the **PropertyGroups** you created in the **Available customizations** pane and then enter a **PropertyName**. -3. Select the **PropertyName** you created in the **Available customizations** pane, and then select one of the following data types for the property: +1. In **CellConfiguration** > **PropertyGroups**, enter a name for the property group. + +1. Select the **PropertyGroups** you created in the **Available customizations** pane and then enter a **PropertyName**. +1. Select the **PropertyName** you created in the **Available customizations** pane, and then select one of the following data types for the property: - Binary - Boolean - Integer - String -4. The data type that you selected is added in **Available customizations**. Select it to enter a value for the property. +1. The data type that you selected is added in **Available customizations**. Select it to enter a value for the property. ### CellData |Setting | Description| |:--- |:---| -|CellularFailover | Allow or disallow cellular data failover when in limited Wi-Fi connectivity. By default, if the phone is connected to a Wi-Fi network and the data connection to a site is unsuccessful due to limited Wi-Fi connectivity, the phone will complete the connection to the site using available cellular data networks (when possible) to provide an optimal user experience. When the customization is enabled, a user option to use or not use cellular data for limited Wi-Fi connectivity becomes visible in the **Settings** > **cellular+SIM** screen. This option is automatically set to **don’t use cellular data** when the customization is enabled.| +|CellularFailover | Allow or disallow cellular data failover when in limited Wi-Fi connectivity. 
By default, if the phone is connected to a Wi-Fi network and the data connection to a site is unsuccessful due to limited Wi-Fi connectivity, the phone will complete the connection to the site using available cellular data networks (when possible) to provide an optimal user experience. When the customization is enabled, a user option to use or not use cellular data for limited Wi-Fi connectivity becomes visible in the **Settings** > **cellular+SIM** screen. This option is automatically set to **don't use cellular data** when the customization is enabled.| |MaxNumberOfPDPContexts | Set a maximum value (1 through 4, inclusive, or 0x1 through 0x4 hexadecimal) for the number of simultaneous packet data protocol (PDP) contexts for 3GPP connections. By default, the OS enforces a maximum of four (4) simultaneous packet data protocol (PDP) contexts for 3GPP connections, and one (1) PDP context for 3GPP2 connections. You can set a different maximum value if required by their mobile operator. The same maximums apply for both roaming and non-roaming scenarios. This maximum does not include packet contexts used internally by the modem.| |ModemProfiles > LTEAttachGuids | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.| |PersistAtImaging > DisableAoAc | Enable or disable Always-on/Always-connected (AoAc) on the WWAN adapter.| 
@@ -105,11 +99,11 @@ Use to configure settings for cellular data. |HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| |HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| |HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".| -|IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*| +|IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. 
By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don't allow roaming to avoid international data roaming charges.*| |LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.| |MMSAPNAuthTypeDefault | Select between **Pap** and **Chap** for default MMS APN authentication type.| |MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.| -|ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:

- Phone tile in Start

- Call History screen

- Dialer

- Call Progress screen

- Incoming Call screen

- As the status string under Settings > cellular+SIM


The long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.| +|ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator's network. The short versions of the extended reject message are shown in the following screens:

- Phone tile in Start

- Call History screen

- Dialer

- Call Progress screen

- Incoming Call screen

- As the status string under Settings > cellular+SIM


The long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.| |ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.| |ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button.| |ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.| @@ -123,7 +117,7 @@ Use to configure settings for cellular data. ### CGDual -Use **CGDual** > **RestrictToGlobalMode** to configure settings for global mode on C+G Dual SIM phones. When the device registration changes, if the value for this setting is set, the OS changes the preferred system type to the default preferred system type for world mode. If the phone isn't camped on any network, the OS assumes the phone is on the home network and changes the network registration preference to default mode. +Use **CGDual** > **RestrictToGlobalMode** to configure settings for global mode on C+G Dual SIM phones. When the device registration changes, if the value for this setting is set, the OS changes the preferred system type to the default preferred system type for world mode. If the phone isn't camped on any network, the OS assumes the phone is on the home network and changes the network registration preference to default mode. Select from the following modes: 
@@ -189,7 +183,7 @@ Configure **FwUpdate** > **AllowedAppIdList** to list apps that are allowed to u |OperatorPreferredForFasterRadio | Set Issuer Identification Number (IIN) or partial ICCID of preferred operator for the faster radio. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can map a partial ICCID or an Industry Identification Number (IIN) to the faster radio regardless of which SIM card is chosen for data connectivity. This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To map a partial ICCID or an IIN to the faster radio regardless of which SIM card is chosen for data connectivity, set the value of OperatorPreferredForFasterRadio to match the IIN or the ICCID, up to 7 digits, of the preferred operator.| |PreferredDataProviderList | OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator. For mobile operators that require it, OEMs can set a list of MCC/MNC pairs for the purchase order (PO) carrier or primary operator so that it can be set as the default data line for phones that have a dual SIM. When the PO SIM is inserted into the phone, the OS picks the PO SIM as the data line and shows a notification to the user that the SIM has been selected for Internet data. If two PO SIMs are inserted, the OS will choose the first PO SIM that was detected as the default data line and the mobile operator action required dialogue (ARD) is shown. If two non-PO SIMs are inserted, the user is prompted to choose the SIM to use as the default data line. Note OEMs should not set this customization unless required by the mobile operator. To enumerate the MCC/MNC value pairs to use for data connections, set the value for **PreferredDataProviderList**. The value must be a comma-separated list of preferred MCC:MNC values. 
For example, the value can be 301:026,310:030 and so on.| |Slot2DisableAppsList | Disable specified apps from slot 2 on a C+G dual SIM phone. To disable a list of specified apps from Slot 2, set Slot2DisableAppsList to a comma-separated list of values representing the apps. For example, `4,6`.| -|Slot2ExcludedSystemTypes | Exclude specified system types from SIM cards inserted in Slot 2. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can restrict the second slot in a dual-SIM phone regardless of what apps or executor mapping the second slot is associated with. Note This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To allow an operator to simply restrict the second slot in a dual SIM phone regardless of what apps or executor mapping the second slot is associated with, set the value of Slot2ExcludedSystemTypes to the system types to be excluded from the SIM cards inserted in Slot 2. For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, any SIM inserted in Slot 2 will be limited to 2G. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)).| +|Slot2ExcludedSystemTypes | Exclude specified system types from SIM cards inserted in Slot 1. For mobile operators that require more control over the system types that their phones use to connect to the mobile operators' networks, OEMs can restrict the second slot in a dual-SIM phone regardless of what apps or executor mapping the second slot is associated with. 
Note This setting is used only for China. OEMs should not use this setting unless required by the mobile operator. To allow an operator to simply restrict the second slot in a dual SIM phone regardless of what apps or executor mapping the second slot is associated with, set the value of Slot2ExcludedSystemTypes to the system types to be excluded from the SIM cards inserted in Slot 1. For example, a value of 0x8 specifies RIL_SYSTEMTYPE_UMTS (3G) while 0x10 specifies RIL_SYSTEMTYPE_LTE (4G). To exclude more than one system type, perform a bitwise OR operation on the radio technologies you want to exclude. For example, a bitwise OR operation on RIL_SYSTEMTYPE_LTE (4G) and RIL_SYSTEMTYPE_UMTS (3G) results in the value 11000 (binary) or 0x18 (hexadecimal). In this case, any SIM inserted in Slot 2 will be limited to 2G. For more information about the RIL system types, see [RILSYSTEMTYPE](/previous-versions/windows/hardware/cellular/dn931143(v=vs.85)).| |SuggestDataRoamingARD | Use to show the data roaming suggestion dialog when roaming and the data roaming setting is set to no roaming.| |SuggestGlobalModeARD | Define whether Global Mode is suggested on a C+G dual SIM phone.| |SuggestGlobalModeTimeout | To specify the number of seconds to wait for network registration before suggesting global mode, set SuggestGlobalModeTimeout to a value between 1 and 600, inclusive. For example, to set the timeout to 60 seconds, set the value to 60 (decimal) or 0x3C (hexadecimal).| @@ -208,7 +202,7 @@ Configure **FwUpdate** > **AllowedAppIdList** to list apps that are allowed to u |AckExpirySeconds |Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. | |DefaultMCC |Set the default mobile country code (MCC).| |Encodings > GSM7BitEncodingPage |Enter the code page value for the 7-bit GSM default alphabet encoding. Values:

- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)
- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)
- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)
- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)
- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)| -|Encodings > GSM8BitEncodingPage|Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. | +|Encodings > GSM8BitEncodingPage|Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55091. | |Encodings > OctetEncodingPage |Set the octet (binary) encoding.| |Encodings > SendUDHNLSS |Set the 7 bit GSM shift table encoding.| |Encodings > UseASCII |Set the 7 bit ASCII encoding. Used only for CDMA carriers that use 7-bit ASCII encoding instead of GSM 7-bit encoding.| @@ -234,7 +228,6 @@ Setting | Description SIM1ToUIM1 | Used to show UIM1 as an alternate string instead of SIM1 for the first SIM on C+G dual SIM phones. SIMToSIMUIM | Partners can change the string "SIM" to "SIM/UIM" to accommodate scenarios such as Dual Mode cards of SIM cards on the phone. This scenario can provide a better experience for users in some markets. Enabling this customization changes all "SIM" strings to "SIM/UIM". - ### UTK |Setting |Description| @@ -244,7 +237,7 @@ SIMToSIMUIM | Partners can change the string "SIM" to "SIM/UIM" to accommodate s ## PerIMSI -Enter an IMSI, click **Add**, and then select the IMSI that you added to configure the following settings. +Enter an IMSI, click **Add**, and then select the IMSI that you added to configure the following settings. ### CellData 
@@ -302,10 +295,10 @@ Enter an IMSI, click **Add**, and then select the IMSI that you added to configu |HighestSpeed4G3GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G or 3G Only" to another character code, change the value of HighestSpeed4G3GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| |HighestSpeed4GOnly | You can customize the listed names of the connection speeds with their own character codes. To modify "4G Only" to another character code, change the value of HighestSpeed4GOnly. Although there is no limit to the number of characters you can use, if the character code is too long, it will be truncated in the UI.| |HighestSpeedTitle | You can customize the **Highest connection speed** drop-down label in the **Settings** > **Cellular+SIM** > **SIM** settings page. To change the Highest connection speed drop-down label, set HighestSpeedTitle to another string. For example, you can set this to "Preferred connection speed".| -|IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don’t allow roaming to avoid international data roaming charges.*| +|IsATTSpecific | Control the roaming text for AT&T devices. AT&T requires the phone to show a particular roaming text to meet their legal and marketing guidelines. 
By default, if the user chooses **roam** under **Data roaming options** in the **Settings** > **Cellular+SIM** screen, they will see the following text: *Depending on your service agreement, you might pay more when using data roaming.* If you set IsATTSpecific to **Yes**, the following roaming text will be displayed instead: *International data roaming charges apply for data usage outside the United States, Puerto Rico, and United States Virgin Islands. Don't allow roaming to avoid international data roaming charges.*| |LTEAttachGUID | Set the value for LTEAttachGuid to the OemConnectionId GUID used for the LTE attach profile in the modem. The value is a GUID in the string format *XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX*.| |MMSAPNIPTypeIfHidden | Select between **IPV4**, **IPV6**, **IPV4V6**, and **IPV4V6XLAT** for default MMS APN IP type.| -|ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator’s network. The short versions of the extended reject message are shown in the following screens:

- Phone tile in Start

- Call History screen

- Dialer

- Call Progress screen

- Incoming Call screen

- As the status string under Settings > cellular+SIM


The long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.| +|ShowExtendedRejectCodes | When a reject code is sent by the network, partners can specify that extended error messages should be displayed instead of the standard simple error messages. This customization is only intended for use when required by the mobile operator's network. The short versions of the extended reject message are shown in the following screens:

- Phone tile in Start

- Call History screen

- Dialer

- Call Progress screen

- Incoming Call screen

- As the status string under Settings > cellular+SIM


The long version of the extended reject message is shown under the Active Network label in **Settings** > **cellular+SIM**. Select **Yes** to show the extended error message. Select **No** to hide the extended error message. See [Error messages for reject codes](#errorreject) to see the versions of the message.| |ShowHighestSpeed3GPreferred | Select **Yes** to show the **3G Preferred** option in the **Highest connection speed** drop-down menu. Select **No** to hide **3G Preferred**.| |ShowManualAvoidance | Select **Yes** to show the **Switch to next network manually** button in SIM settings when Mode Selection is CDMA on a C+G dual SIM phone. Select **No** to hide the **Switch to next network manually** button.| |ShowPreferredPLMNPage | Select **Yes** to show the preferred public land mobile network (PLMN) page in SIM settings.| @@ -398,7 +391,7 @@ Set the MultivariantProvisionedSPN value to the name of the SPN or mobile operat The following table shows the scenarios supported by this customization. >[!NOTE] ->In the Default SIM name column: +>In the Default SIM name column: > >- The " " in MultivariantProvisionedSPN" "1234 means that there's a space between the mobile operator name or SPN and the last 4 digits of the MSISDN. >- MultivariantProvisionedSPN means the value that you set for the MultivariantProvisionedSPN setting. diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md index 4ea08e6e5b..e7d3af3d20 100644 --- a/windows/configuration/wcd/wcd-cellular.md +++ b/windows/configuration/wcd/wcd-cellular.md 
@@ -1,16 +1,8 @@ --- -title: Cellular (Windows 10) -ms.reviewer: -manager: aaroncz +title: Cellular description: This section describes the Cellular settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # Cellular (Windows Configuration Designer reference) @@ -23,8 +15,8 @@ Use to configure settings for cellular connections. ## Applies to | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | +|--|:-:|:-:|:-:|:-:| +| All settings | ✅ | | | | ## PerDevice @@ -62,7 +54,6 @@ Enter a customized string for the appropriate [data class](/windows/desktop/api/ Enter a comma-separated list of mobile country code (MCC) and mobile network code (MCC) pairs (MCC:MNC). - ### SignalBarMappingTable >[!NOTE] @@ -71,13 +62,12 @@ Enter a comma-separated list of mobile country code (MCC) and mobile network cod Use the **SignalBarMappingTable** settings to customize the number of bars displayed based on signal strength. Set a signal strength minimum for each bar number. 1. Expand **SignalBarMappingTable**, select a bar number in **SignalForBars**, and select **Add**. -2. Select the signal bar number in **Available customizations**, and enter a minimum signal strength value, between 0 and 31. +1. Select the signal bar number in **Available customizations**, and enter a minimum signal strength value, between 0 and 31. ### SIMBlockList Enter a comma-separated list of mobile country code (MCC) and mobile network code (MCC) pairs (MCC:MNC). - ### UseBrandingNameOnRoaming Select an option for displaying the BrandingName when the device is roaming. 
diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md
index b05ce84a8f..d4b4d30199 100644
--- a/windows/configuration/wcd/wcd-certificates.md
+++ b/windows/configuration/wcd/wcd-certificates.md
@@ -1,16 +1,8 @@
 ---
-title: Certificates (Windows 10)
+title: Certificates
 description: This section describes the Certificates settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
 ms.topic: reference
-ms.collection: must-keep
-ms.date: 09/06/2017
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
 ---
 
 # Certificates (Windows Configuration Designer reference)
@@ -27,23 +19,22 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| All setting groups | ✔️ | ✔️ | ✔️ | ✔️ | - +| All setting groups | ✅ | ✅ | ✅ | ✅ | ## CACertificates 1. In **Available customizations**, select **CACertificates**, enter a friendly name for the certificate, and then click **Add**. -2. In **Available customizations**, select the name that you created. -3. In **CertificatePath**, browse to or enter the path to the certificate. +1. In **Available customizations**, select the name that you created. +1. In **CertificatePath**, browse to or enter the path to the certificate. ## ClientCertificates 1. In **Available customizations**, select **ClientCertificates**, enter a friendly name for the certificate, and then click **Add**. -2. In **Available customizations**, select the name that you created. The following table describes the settings you can configure. Settings in **bold** are required. +1. In **Available customizations**, select the name that you created. The following table describes the settings you can configure. Settings in **bold** are required. -| Setting | Value | Description | -| --- | --- | ---- | +| Setting | Value | Description | +| --- | --- | ---- | | **CertificatePassword** | | | | **CertificatePath** | | Adds the selected certificate to the Personal store on the target device. | | ExportCertificate | True or false | Set to **True** to allow certificate export. | 
@@ -52,23 +43,22 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo ## RootCertificates 1. In **Available customizations**, select **RootCertificates**, enter a friendly name for the certificate, and then click **Add**. -2. In **Available customizations**, select the name that you created. -3. In **CertificatePath**, browse to or enter the path to the certificate. +1. In **Available customizations**, select the name that you created. +1. In **CertificatePath**, browse to or enter the path to the certificate. ## TrustedPeopleCertificates 1. In **Available customizations**, select **TrustedPeopleCertificates**, enter a friendly name for the certificate, and then click **Add**. -2. In **Available customizations**, select the name that you created. -3. In **TrustedCertificate**, browse to or enter the path to the certificate. - +1. In **Available customizations**, select the name that you created. +1. In **TrustedCertificate**, browse to or enter the path to the certificate. ## TrustedProvisioners 1. In **Available customizations**, select **TrustedPprovisioners**, enter a CertificateHash, and then click **Add**. -2. In **Available customizations**, select the name that you created. -3. In **TrustedProvisioner**, browse to or enter the path to the certificate. +1. In **Available customizations**, select the name that you created. + +1. In **TrustedProvisioner**, browse to or enter the path to the certificate. ## Related topics - - [RootCATrustedCertficates configuration service provider (CSP)](/windows/client-management/mdm/rootcacertificates-csp) diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md index 32db3b13f7..212647284b 100644 --- a/windows/configuration/wcd/wcd-changes.md +++ b/windows/configuration/wcd/wcd-changes.md 
@@ -1,16 +1,8 @@ --- -title: Changes to settings in Windows Configuration Designer (Windows 10) -ms.reviewer: -manager: aaroncz +title: Changes to settings in Windows Configuration Designer description: This section describes the changes to settings in Windows Configuration Designer in Windows 10, version 1809. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # Changes to settings in Windows Configuration Designer @@ -32,7 +24,6 @@ ms.date: 12/31/2017 ## Settings added in Windows 10, version 1809 - - [Browser > AllowPrelaunch](wcd-browser.md#allowprelaunch) - [Browser > FavoriteBarItems](wcd-browser.md#favoritebaritems) - [Cellular > SignalBarMappingTable](wcd-cellular.md#signalbarmappingtable) 
@@ -40,61 +31,59 @@ ms.date: 12/31/2017 - [Location](wcd-location.md) - [Policies > ApplicationManagement > LaunchAppAfterLogOn](wcd-policies.md#applicationmanagement) - [Policies > Authentication:](wcd-policies.md#authentication) - - EnableFastFirstSignin - - EnableWebSignin - - PreferredAadTenantDomainName + - EnableFastFirstSignin + - EnableWebSignin + - PreferredAadTenantDomainName - [Policies > Browser:](wcd-policies.md#browser) - - AllowFullScreenMode - - AllowPrelaunch - - AllowPrinting - - AllowSavingHistory - - AllowSideloadingOfExtensions - - AllowTabPreloading - - AllowWebContentOnNewTabPage - - ConfigureFavoritesBar - - ConfigureHomeButton - - ConfigureKioskMode - - ConfigureKioskResetAfterIdleTimer - - ConfigureOpenMicrosoftEdgeWith - - ConfigureTelemetryForMicrosoft365 - - FirstRunURL - - PreventCertErrorOverrides - - PreventTurningOffRequiredExtensions - - SetHomeButtonURL - - SetNewTabPageURL - - UnlockHomeButton + - AllowFullScreenMode + - AllowPrelaunch + - AllowPrinting + - AllowSavingHistory + - AllowSideloadingOfExtensions + - AllowTabPreloading + - AllowWebContentOnNewTabPage + - ConfigureFavoritesBar + - ConfigureHomeButton + - ConfigureKioskMode + - ConfigureKioskResetAfterIdleTimer + - ConfigureOpenMicrosoftEdgeWith + - ConfigureTelemetryForMicrosoft365 + - FirstRunURL + - PreventCertErrorOverrides + - PreventTurningOffRequiredExtensions + - SetHomeButtonURL + - SetNewTabPageURL + - UnlockHomeButton - [Policies > DeliveryOptimization:](wcd-policies.md#deliveryoptimization) - - DODelayBackgroundDownloadFromHttp - - DODelayForegroundDownloadFromHttp - - DOGroupIdSource - - DOPercentageMaxBackDownloadBandwidth - - DOPercentageMaxForeDownloadBandwidth - - DORestrictPeerSelectionsBy - - DOSetHoursToLimitBackgroundDownloadBandwidth - - DOSetHoursToLimitForegroundDownloadBandwidth + - DODelayBackgroundDownloadFromHttp + - DODelayForegroundDownloadFromHttp + - DOGroupIdSource + - DOPercentageMaxBackDownloadBandwidth + - 
DOPercentageMaxForeDownloadBandwidth + - DORestrictPeerSelectionsBy + - DOSetHoursToLimitBackgroundDownloadBandwidth + - DOSetHoursToLimitForegroundDownloadBandwidth - [Policies > KioskBrowser](wcd-policies.md#kioskbrowser) > EnableEndSessionButton - [Policies > Search](wcd-policies.md#search) > DoNotUseWebResults - [Policies > System:](wcd-policies.md#system) - - DisableDeviceDelete - - DisableDiagnosticDataViewer + - DisableDeviceDelete + - DisableDiagnosticDataViewer - [Policies > Update:](wcd-policies.md#update) - - AutoRestartDeadlinePeriodInDaysForFeatureUpdates - - EngagedRestartDeadlineForFeatureUpdates - - EngagedRestartSnoozeScheduleForFeatureUpdates - - EngagedRestartTransitionScheduleForFeatureUpdates - - ExcludeWUDriversInQualityUpdate - - SetDisablePauseUXAccess - - SetDisableUXWUAccess - - UpdateNotificationLevel + - AutoRestartDeadlinePeriodInDaysForFeatureUpdates + - EngagedRestartDeadlineForFeatureUpdates + - EngagedRestartSnoozeScheduleForFeatureUpdates + - EngagedRestartTransitionScheduleForFeatureUpdates + - ExcludeWUDriversInQualityUpdate + - SetDisablePauseUXAccess + - SetDisableUXWUAccess + - UpdateNotificationLevel - [UnifiedWriteFilter > OverlayFlags](wcd-unifiedwritefilter.md#overlayflags) - [UnifiedWriteFilter > ResetPersistentState](wcd-unifiedwritefilter.md#resetpersistentstate) - [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) - ## Settings removed in Windows 10, version 1809 - [CellCore](wcd-cellcore.md) - [Policies > Browser:](wcd-policies.md#browser) - - AllowBrowser - - PreventTabReloading - + - AllowBrowser + - PreventTabReloading diff --git a/windows/configuration/wcd/wcd-cleanpc.md b/windows/configuration/wcd/wcd-cleanpc.md index d5cf3986fb..2ba7aebdf0 100644 --- a/windows/configuration/wcd/wcd-cleanpc.md +++ b/windows/configuration/wcd/wcd-cleanpc.md 
@@ -1,16 +1,8 @@ --- -title: CleanPC (Windows 10) +title: CleanPC description: This section describes the CleanPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # CleanPC (Windows Configuration Designer reference) @@ -21,10 +13,10 @@ Use to remove user-installed and pre-installed applications, with the option to | Settings | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| CleanPCRetainingUserData | ✔️ | | | | -| CleanPCWithoutRetainingUserData | ✔️ | | | | +| CleanPCRetainingUserData | ✅ | | | | +| CleanPCWithoutRetainingUserData | ✅ | | | | -For each setting, the options are **Enable** and **Not configured**. +For each setting, the options are **Enable** and **Not configured**. ## Related topics diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md index dc3d949232..10e0ea8129 100644 --- a/windows/configuration/wcd/wcd-connections.md +++ b/windows/configuration/wcd/wcd-connections.md @@ -1,16 +1,8 @@ --- -title: Connections (Windows 10) +title: Connections description: This section describes the Connections settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # Connections (Windows Configuration Designer reference) 
@@ -20,13 +12,13 @@ Use to configure settings related to various types of phone connections. ## Applies to | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | | | - +| --- | :---: | :---: | :---: | :---: | +| All settings | ✅ | ✅ | | | For each setting group: + 1. In **Available customizations**, select the setting group (such as **Cellular**), enter a friendly name for the connection, and then click **Add**. -2. In **Available customizations**, select the name that you created. +1. In **Available customizations**, select the name that you created. ## Cellular @@ -34,12 +26,13 @@ See [CM_CellularEntries configuration service provider (CSP)](/windows/client-ma ## EnterpriseAPN -See [Configure cellular settings for tablets and PCs](../provisioning-apn.md) and +See [Configure cellular settings for tablets and PCs](../cellular/provisioning-apn.md) and + [EnterpriseAPN CSP](/windows/client-management/mdm/enterpriseapn-csp) for settings and values. ## General -Use **General > DataRoam** to set the default value for the **Default roaming options** option in the **Settings > cellular + SIM** area on the device. Select between **DoNotRoam**, **DomesticRoaming**, or **InternationalRoaming**. +Use **General > DataRoam** to set the default value for the **Default roaming options** option in the **Settings > cellular + SIM** area on the device. Select between **DoNotRoam**, **DomesticRoaming**, or **InternationalRoaming**. ## Policies diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md index e66ad72ff5..78b91ceeb0 100644 --- a/windows/configuration/wcd/wcd-connectivityprofiles.md +++ b/windows/configuration/wcd/wcd-connectivityprofiles.md 
@@ -1,16 +1,8 @@
 ---
-title: ConnectivityProfiles (Windows 10)
+title: ConnectivityProfiles
 description: This section describes the ConnectivityProfile settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
-ms.prod: windows-client
-author: aczechowski
-ms.localizationpriority: medium
-ms.author: aaroncz
 ms.topic: reference
-ms.collection: must-keep
-ms.date: 04/30/2018
-ms.reviewer:
-manager: aaroncz
-ms.technology: itpro-configure
+ms.date: 01/25/2024
 ---
 
 # ConnectivityProfiles (Windows Configuration Designer reference)
@@ -21,21 +13,21 @@ Use to configure profiles that a user will connect with, such as an email accoun | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| [Email](#email) | ✔️ | ✔️ | | | -| [Exchange](#exchange) | ✔️ | ✔️ | | | -| [KnownAccounts](#knownaccounts) | ✔️ | ✔️ | | | -| [VPN](#vpn) | ✔️ | ✔️ | ✔️ | | -| [WiFiSense](#wifisense) | ✔️ | ✔️ | | | -| [WLAN](#wlan) | ✔️ | ✔️ | ✔️ | | +| [Email](#email) | ✅ | ✅ | | | +| [Exchange](#exchange) | ✅ | ✅ | | | +| [KnownAccounts](#knownaccounts) | ✅ | ✅ | | | +| [VPN](#vpn) | ✅ | ✅ | ✅ | | +| [WiFiSense](#wifisense) | ✅ | ✅ | | | +| [WLAN](#wlan) | ✅ | ✅ | ✅ | | ## Email -Specify an email account to be automatically set up on the device. +Specify an email account to be automatically set up on the device. 1. In **Available customizations**, select **Email**, enter a friendly name for the account, and then click **Add**. -2. In **Available customizations**, select the name that you created. The following table describes the settings you can configure for each account. Settings in **bold** are required. +1. In **Available customizations**, select the name that you created. The following table describes the settings you can configure for each account. Settings in **bold** are required. -| Setting | Description | +| Setting | Description | | --- | --- | | **AccountType** | Select between **Normal email** and **Visual voice mail** | | AuthForOutgoingMail | Set to **True** if the outgoing server requires authentication | 
@@ -61,27 +53,26 @@ Specify an email account to be automatically set up on the device. Configure settings related to Exchange email server. These settings are related to the [ActiveSync configuration service provider (CSP)](/windows/client-management/mdm/activesync-csp). - 1. In **Available customizations**, select **Exchange**, enter a name for the account, and then click **Add**. A globally unique identifier (GUID) is generated for the account. -2. In **Available customizations**, select the GUID that you created. The following table describes the settings you can configure. Settings in **bold** are required. +1. In **Available customizations**, select the GUID that you created. The following table describes the settings you can configure. Settings in **bold** are required. -| Setting | Description | -| --- | --- | +| Setting | Description | +|--|--| | AccountIcon | Specify the location of the icon associated with the account.

The account icon can be used as a tile in the Start list or as an icon in the applications list under **Settings > Email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at `res://AccountSettingsSharedRes{ScreenResolution}!%s.genericmail.png`. The suggested icon for Exchange Accounts is at `res://AccountSettingsSharedRes{ScreenResolution}!%s.office.outlook.png`. Custom icons can be added if desired. | | **AccountName** | Enter the name that refers to the account on the device | | **AccountType** | Select **Exchange** | | **DiagnosticLogging** | Select whether to disable logging, enable basic logging, or enable advanced logging | | Domain | Enter the domain name of the Exchange server | | **EmailAddress** | Enter the email address associated with the Exchange ActiveSync account. | -| **MailAgeFilter** | Specify the time window used for syncing email items to the device. Available values are:

- All email is synced
- Only email up to three days old is synced
-Email up to a week old is synced (default)
- Email up to two weeks old is synced
- Email up to a month old is synced | +| **MailAgeFilter** | Specify the time window used for syncing email items to the device. Available values are:

- All email is synced
- Only email up to three days old is synced
-Email up to a week old is synced (default)
- Email up to two weeks old is synced
- Email up to a month old is synced | | **Password** | Enter the password for the account | | **Schedule** | Specify the time until the next sync is performed, in minutes. Available values are:

- As items are received (default)
- Sync manually
- Every 15 minutes
- Every 30 minutes
- Every 60 minutes | -| **ServerName**| Enter the server name used by the account | +| **ServerName** | Enter the server name used by the account | | SyncCalendar_Enable | Enable or disable calendar sync | | SyncCalendar_Name | If you enable calendar sync, enter **Calendar** | | SyncContacts_Enable | Enable or disable contacts sync | | SyncContacts_Name | If you enable contacts sync, enter **Contacts** | -| SyncEmail_Enable| Enable or disable email sync | +| SyncEmail_Enable | Enable or disable email sync | | SyncEmail_Name | If you enable email sync, enter **Email** | | SyncTasks_Enable | Enable or disable tasks sync | | SyncTasks_Name | If you enable tasks sync, enter **Tasks** | @@ -109,10 +100,10 @@ Configure settings to change the default maximum transmission unit ([MTU](#mtu)) | ProtocolType | Select **VPNProtocolType** | | TunnelMTU | Enter the desired MTU size, between **1** and **1500** | -### VPN +### VPN setting 1. In **Available customizations**, select **VPNSetting**, enter a friendly name for the account, and then click **Add**. -2. In **Available customizations**, select the name that you created. The following table describes the settings you can configure. Settings in **bold** are required. +1. In **Available customizations**, select the name that you created. The following table describes the settings you can configure. Settings in **bold** are required. | Setting | Description | | --- | --- | 
@@ -129,29 +120,29 @@ Configure settings to change the default maximum transmission unit ([MTU](#mtu)) When **ProfileType** is set to **Native**, the following extra settings are available. -Setting | Description ---- | --- -AuthenticationUserMethod | When you set **NativeProtocolType** to **IKEv2**, choose between **EAP** and **MSChapv2**. -EAPConfiguration | When you set **AuthenticationUserMethod** to **EAP**, enter the HTML-encoded XML to configure EAP. For more information, see [EAP configuration](/windows/client-management/mdm/eap-configuration). -NativeProtocolType | Choose between **PPTP**, **L2TP**, **IKEv2**, and **Automatic**. -RoutingPolicyType | Choose between **SplitTunnel**, in which traffic can go over any interface as determined by the networking stack, and **ForceTunnel**, in which all IP traffic must go over the VPN interface. -Server | Enter the public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. +| Setting | Description | +|--|--| +| AuthenticationUserMethod | When you set **NativeProtocolType** to **IKEv2**, choose between **EAP** and **MSChapv2**. | +| EAPConfiguration | When you set **AuthenticationUserMethod** to **EAP**, enter the HTML-encoded XML to configure EAP. For more information, see [EAP configuration](/windows/client-management/mdm/eap-configuration). | +| NativeProtocolType | Choose between **PPTP**, **L2TP**, **IKEv2**, and **Automatic**. | +| RoutingPolicyType | Choose between **SplitTunnel**, in which traffic can go over any interface as determined by the networking stack, and **ForceTunnel**, in which all IP traffic must go over the VPN interface. | +| Server | Enter the public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. | When **ProfileType** is set to **Third Party**, the following extra settings are available. 
-Setting | Description ---- |--- -PluginProfileCustomConfiguration | Enter HTML-encoded XML for SSL-VPN plug-in specific configuration, including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plug-in provider for format and other details. Most plug-ins can also configure values based on the server negotiations and defaults. -PluginProfilePackageFamilyName | Choose between **Pulse Secure VPN**, **F5 VPN Client**, and **SonicWALL Mobile Connect**. -PluginProfileServerUrlList | Enter a comma-separated list of servers in URL, hostname, or IP format. +| Setting | Description | +|--|--| +| PluginProfileCustomConfiguration | Enter HTML-encoded XML for SSL-VPN plug-in specific configuration, including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plug-in provider for format and other details. Most plug-ins can also configure values based on the server negotiations and defaults. | +| PluginProfilePackageFamilyName | Choose between **Pulse Secure VPN**, **F5 VPN Client**, and **SonicWALL Mobile Connect**. | +| PluginProfileServerUrlList | Enter a comma-separated list of servers in URL, hostname, or IP format. | ## WiFiSense -Configure settings related to Wi-Fi Sense. +Configure settings related to Wi-Fi Sense. ### Config -The **Config** settings are initial settings that can be overwritten when settings are pushed to the device by the cloud. +The **Config** settings are initial settings that can be overwritten when settings are pushed to the device by the cloud. | Setting | Description | | --- | --- | 
@@ -159,7 +150,7 @@ The **Config** settings are initial settings that can be overwritten when settin | WiFiSharingOutlookInitial | Enable or disable sharing of Wi-Fi networks with Outlook contacts | | WiFiSharingSkypeInitial | Enable or disable sharing of Wi-Fi networks with Skype contacts | -### FirstBoot +### FirstBoot | Setting | Description | | --- | --- | @@ -167,11 +158,11 @@ The **Config** settings are initial settings that can be overwritten when settin | DefaultAutoConnectSharedState | When enabled, the OOBE Wi-Fi Sense checkbox to share networks with contacts will be checked. | | WiFiSenseAllowed | Enable or disable Wi-Fi Sense. Wi-Fi Sense features include auto-connect to Wi-Fi hotspots and credential sharing. | -### SystemCapabilities +### SystemCapabilities -You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 10. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Diagnostic data is generated by the system to provide data that can be used to diagnose both software and hardware issues. +You can use these settings to configure system capabilities for Wi-Fi adapters, which is a new functionality in Windows 1. These system capabilities are added at image time to ensure that the information is at its most accurate. The capabilities allow the OS to have a better understanding of the underlying hardware that it's running on. Diagnostic data is generated by the system to provide data that can be used to diagnose both software and hardware issues. -| Setting | Description | +| Setting | Description | | --- | --- | | CoexistenceSupport | Specify the type of co-existence that's supported on the device:

- **Both**: Both Wi-Fi and Bluetooth work at the same performance level during co-existence
- **Wi-Fi reduced**: On a 2X2 system, Wi-Fi performance is reduced to 1X1 level
- **Bluetooth centered**: When co-existing, Bluetooth has priority and restricts Wi-Fi performance
- **One**: Either Wi-Fi or Bluetooth will stop working | | NumAntennaConnected | Enter the number of antennas that are connected to the WLAN radio | @@ -179,18 +170,17 @@ You can use these settings to configure system capabilities for Wi-Fi adapters, | WLANFunctionLevelDeviceResetSupported | Select whether the device supports functional level device reset (FLDR). The FLDR feature in the OS checks this system capability exclusively to determine if it can run. | | WLANPlatformLevelDeviceResetSupported | Select whether the device supports platform level device reset (PLDR). The PLDR feature in the OS checks this system capability exclusively to determine if it can run. | - ## WLAN -Configure settings for wireless connectivity. +Configure settings for wireless connectivity. ### Profiles -**To add a profile** +To add a profile: 1. Create [the wireless profile XML](/windows/win32/nativewifi/wireless-profile-samples). -2. In **WLAN > Profiles**, browse to and select the profile XML file. -3. Click **Add**. +1. In **WLAN > Profiles**, browse to and select the profile XML file. +1. Click **Add**. ### WLANXmlSettings diff --git a/windows/configuration/wcd/wcd-countryandregion.md b/windows/configuration/wcd/wcd-countryandregion.md index 8e9f623688..3259c08763 100644 --- a/windows/configuration/wcd/wcd-countryandregion.md +++ b/windows/configuration/wcd/wcd-countryandregion.md @@ -1,16 +1,8 @@ --- -title: CountryAndRegion (Windows 10) +title: CountryAndRegion description: This section describes the CountryAndRegion settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # CountryAndRegion (Windows Configuration Designer reference) 
@@ -19,8 +11,8 @@ Use to configure a setting that partners must customize to ship Windows devices ## Applies to -| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| CountryCodeForExtendedCapabilityPrompts | ✔️ | ✔️ | | | +| Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| CountryCodeForExtendedCapabilityPrompts | ✅ | ✅ | | | -You can set the **CountryCodeForExtendedCapabilityPrompts** setting for **China** to enable additional capability prompts when apps use privacy-sensitive features (such as Contacts or Microphone). +You can set the **CountryCodeForExtendedCapabilityPrompts** setting for **China** to enable additional capability prompts when apps use privacy-sensitive features (such as Contacts or Microphone). diff --git a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md index 3c88652ff7..87e5f5b3ed 100644 --- a/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md +++ b/windows/configuration/wcd/wcd-desktopbackgroundandcolors.md @@ -1,16 +1,8 @@ --- -title: DesktopBackgroundAndColors (Windows 10) +title: DesktopBackgroundAndColors description: This section describes the DesktopBackgrounAndColors settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/21/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # DesktopBackgroundAndColors (Windows Configuration Designer reference) 
@@ -21,5 +13,4 @@ Do not use. Instead, use the [Personalization settings](wcd-personalization.md). | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | - +| All settings | ✅ | | | | diff --git a/windows/configuration/wcd/wcd-developersetup.md b/windows/configuration/wcd/wcd-developersetup.md index 1820eebc0a..d288154379 100644 --- a/windows/configuration/wcd/wcd-developersetup.md +++ b/windows/configuration/wcd/wcd-developersetup.md @@ -1,16 +1,8 @@ --- -title: DeveloperSetup (Windows 10) +title: DeveloperSetup description: This section describes the DeveloperSetup settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # DeveloperSetup (Windows Configuration Designer reference) @@ -21,9 +13,8 @@ Use to unlock developer mode on HoloLens devices and configure authentication to | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| [EnableDeveloperMode](#developersetupsettings-enabledevelopermode) | | | ✔️ | | -| [AuthenticationMode](#windowsdeviceportalsettings-authentication-mode) | | | ✔️ | | - +| [EnableDeveloperMode](#developersetupsettings-enabledevelopermode) | | | ✅ | | +| [AuthenticationMode](#windowsdeviceportalsettings-authentication-mode) | | | ✅ | | ## DeveloperSetupSettings: EnableDeveloperMode diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md index eb07550f1f..b695a08394 100644 --- a/windows/configuration/wcd/wcd-deviceformfactor.md +++ b/windows/configuration/wcd/wcd-deviceformfactor.md 
@@ -1,16 +1,8 @@ --- -title: DeviceFormFactor (Windows 10) +title: DeviceFormFactor description: This section describes the DeviceFormFactor setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # DeviceFormFactor (Windows Configuration Designer reference) @@ -21,9 +13,9 @@ Use to identify the form factor of the device. | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| DeviceForm | ✔️ | ✔️ | | | +| DeviceForm | ✅ | ✅ | | | -Specifies the device form factor running Windows 10. Generally, the device form is set by the original equipment manufacturer (OEM), however you might want to change the device form based on its usage in your organization. +Specifies the device form factor running Windows 1. Generally, the device form is set by the original equipment manufacturer (OEM), however you might want to change the device form based on its usage in your organization. DeviceForm supports the following features or components: 
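Review bot: The added line in the `@@ -21,9 +13,9 @@` hunk of wcd-deviceformfactor.md reads `running Windows 1.` where the removed line had `running Windows 10.`, so the version number was truncated. The wcd-networkqospolicy.md hunk has the same problem: DSCPAction goes from `Valid values are 0-63.` to `0-61.` and PriorityValue8021Action from `0 through 7.` to `0 through 1.`. DSCP is a 6-bit field (0-63) and the 802.1p priority is 3 bits (0-7), so the removed values were the correct ones. Because this commit also renumbers ordered-list items to `1.`, these look like side effects of a bulk replace on a digit followed by a period rather than intended edits. Restore the three removed-side values and check the rest of the change for other sentences that end in a number.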
@@ -34,11 +26,11 @@ Select the appropriate form from the dropdown menu. | Device form | Description | | --- | --- | -| Phone | A typical smartphone combines cellular connectivity, a touch screen, rechargeable power source, and other components into a single chassis. | +| Phone | A typical smartphone combines cellular connectivity, a touch screen, rechargeable power source, and other components into a single chassis. | | LargeScreen | Microsoft Surface Hub | | HMD | (Head-mounted display) A holographic computer that is untethered - no wires, phones, or connection to a PC needed. | -| IndustryHandheld | A device screen less than 7” diagonal designed for industrial solutions. May or may not have a cellular stack. | -| IndustryTablet | A device with an integrated screen greater than 7” diagonal and no attached keyboard designed for industrial solutions as opposed to consumer personal computer. May or may not have a cellular stack. | +| IndustryHandheld | A device screen less than 7" diagonal designed for industrial solutions. May or may not have a cellular stack. | +| IndustryTablet | A device with an integrated screen greater than 7" diagonal and no attached keyboard designed for industrial solutions as opposed to consumer personal computer. May or may not have a cellular stack. | | Banking | A machine at a bank branch or another location that enables customers to perform basic banking activities including withdrawing money and checking one's bank balance. | | BuildingAutomation | A controller for industrial environments that can include the scheduling and automatic operation of certain systems such as conferencing, heating and air conditioning, and lighting. | | DigitalSignage | A computer or playback device that's connected to a large digital screen and displays video or multimedia content for informational or advertising purposes. | 
@@ -63,8 +55,3 @@ Select the appropriate form from the dropdown menu. | AIO | An All-in-One (AIO) device is an evolution of the traditional desktop with an attached display. | | Stick | A device that turns your TV into a Windows computer. Plug the stick into the HDMI slot on the TV and connect a USB or Bluetooth keyboard or mouse. | | Puck | A small-size PC that users can use to plug in a monitor and keyboard. | - - - - - diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md index 1f4744f0a1..045dc2a9f8 100644 --- a/windows/configuration/wcd/wcd-devicemanagement.md +++ b/windows/configuration/wcd/wcd-devicemanagement.md @@ -1,16 +1,8 @@ --- -title: DeviceManagement (Windows 10) +title: DeviceManagement description: This section describes the DeviceManagement setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # DeviceManagement (Windows Configuration Designer reference) 
@@ -21,22 +13,22 @@ Use to configure device management settings. | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| [Accounts](#accounts) | ✔️ | ✔️ | | | -| [PGList](#pglist) | ✔️ | ✔️ | | | -| [Policies](#policies) | ✔️ | ✔️ | | | -| [TrustedProvisioningSource](#trustedprovisioningsource) | ✔️ | ✔️ | | | +| [Accounts](#accounts) | ✅ | ✅ | | | +| [PGList](#pglist) | ✅ | ✅ | | | +| [Policies](#policies) | ✅ | ✅ | | | +| [TrustedProvisioningSource](#trustedprovisioningsource) | ✅ | ✅ | | | ## Accounts 1. In **Available customizations**, select **Accounts**, enter a friendly name for the account, and then click **Add**. -2. In **Available customizations**, select the account that you created. The following table describes the settings you can configure. Settings in **bold** are required. +1. In **Available customizations**, select the account that you created. The following table describes the settings you can configure. Settings in **bold** are required. -| Setting | Description | +| Setting | Description | | --- | --- | | **Address** | Enter the OMA DM server address | | **AddressType** | Choose between **IPv4** and **URI** for the type of OMA DM server address. The default value of **URI** specifies that the OMA DM account address is a URI address. A value of **IPv4** specifies that the OMA DM account address is an IP address. | | **AppID** | Select **w7** | -| Authentication > Credentials | 1. Select a credentials level (CLCRED or SRVCRED). A value of **CLCRED** indicates that the credentials client will authenticate itself to the OMA DM server at the OMA DM protocol level. A value of **SRVCRED** indicates that the credentials server will authenticate itself to the OMA DM Client at the OMA DM protocol level.
2. In **Available customizations**, select the level.
3. For **Data**, enter the authentication nonce as a Base64 encoded string.
4. For **Level**, select **CLCRED** or **SRVCRED**.
5. For **Name**, enter the authentication name.
6. For **Secret**, enter the password or secret used for authentication.
7. For **Type**, select between **Basic**, **Digest**, and **HMAC**. For **CLCRED**, the supported values are **BASIC** and **DIGEST**. For **SRVCRED**, the supported value is **DIGEST**. | +| Authentication > Credentials | 1. Select a credentials level (CLCRED or SRVCRED). A value of **CLCRED** indicates that the credentials client will authenticate itself to the OMA DM server at the OMA DM protocol level. A value of **SRVCRED** indicates that the credentials server will authenticate itself to the OMA DM Client at the OMA DM protocol level.
1. In **Available customizations**, select the level.
1. For **Data**, enter the authentication nonce as a Base64 encoded string.
1. For **Level**, select **CLCRED** or **SRVCRED**.
1. For **Name**, enter the authentication name.
1. For **Secret**, enter the password or secret used for authentication.
1. For **Type**, select between **Basic**, **Digest**, and **HMAC**. For **CLCRED**, the supported values are **BASIC** and **DIGEST**. For **SRVCRED**, the supported value is **DIGEST**. | | AuthenticationPreference | Select between **Basic**, **Digest**, and **HMAC** | | BackCompatRetryDisabled | Specify whether to retry resending a package with an older protocol version (for example, 1.1) in the SyncHdr on subsequent attempts (not including the first time). The default value of "FALSE" indicates that backward-compatible retries are enabled. A value of "TRUE" indicates that backward-compatible retries are disabled. | | ConnectionRetries | Enter a number to specify how many retries the DM client performs when there are Connection Manager-level or wininet-level errors. The default value is `3`. | 
@@ -56,14 +48,13 @@ Use to configure device management settings. | UseHardwareDeviceID | Specify whether to use the hardware ID for the ./DevInfo/DevID parameter in the DM account to identify the device | | UseNonceResync | Specify whether the OMA DM client should use the nonce resynchronization procedure if the server trigger notification fails authentication | - ## PGList 1. In **Available customizations**, select **PGList**, enter a LogicalProxyName, and then click **Add**. -2. In **Available customizations**, select the LogicalProxyName that you created, and then select **PhysicalProxies**. -3. Enter a PhysicalProxyName, and then click **Add**. The following table describes the settings you can configure for the physical proxy and for **Trust**. +1. In **Available customizations**, select the LogicalProxyName that you created, and then select **PhysicalProxies**. +1. Enter a PhysicalProxyName, and then click **Add**. The following table describes the settings you can configure for the physical proxy and for **Trust**. -| Setting | Description | +| Setting | Description | | --- | --- | | Address | Enter the address of the physical proxy | | AddressType | Select between **E164**, **IPV4**, and **IPV^** for the format and protocol of the PXADDR element for a physical proxy | @@ -71,7 +62,6 @@ Use to configure device management settings. | PushEnabled | Select whether push operations are enabled | | Trust | Specify whether or not the physical proxies in this logical proxy are privileged | - ## Policies The following table describes the settings you can configure for **Policies**. diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md index 8c9cbe5372..a4b4ecd9fb 100644 --- a/windows/configuration/wcd/wcd-deviceupdatecenter.md +++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md 
@@ -1,24 +1,16 @@ --- -title: DeviceUpdateCenter (Windows 10) +title: DeviceUpdateCenter description: This section describes the DeviceUpdateCenter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz -manager: aaroncz ms.topic: reference -ms.collection: must-keep -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # DeviceUpdateCenter (Windows Configuration Designer reference) -Do not use **DeviceUpdateCenter** settings at this time. +Do not use **DeviceUpdateCenter** settings at this time. ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | - +| All settings | ✅ | | | | diff --git a/windows/configuration/wcd/wcd-dmclient.md b/windows/configuration/wcd/wcd-dmclient.md index f5169b0cee..fb9ebf7b45 100644 --- a/windows/configuration/wcd/wcd-dmclient.md +++ b/windows/configuration/wcd/wcd-dmclient.md @@ -1,16 +1,8 @@ --- -title: DMClient (Windows 10) +title: DMClient description: This section describes the DMClient setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # DMClient (Windows Configuration Designer reference) 
@@ -21,9 +13,9 @@ Use to specify enterprise-specific mobile device management configuration settin | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| UpdateManagementServiceAddress | ✔️ | ✔️ | | ✔️ | +| UpdateManagementServiceAddress | ✅ | ✅ | | ✅ | -For the **UpdateManagementServiceAddress** setting, enter a list of servers. The first server in the semi-colon delimited list is the server that will be used to instantiate MDM sessions. +For the **UpdateManagementServiceAddress** setting, enter a list of servers. The first server in the semi-colon delimited list is the server that will be used to instantiate MDM sessions. ## Related topics diff --git a/windows/configuration/wcd/wcd-editionupgrade.md b/windows/configuration/wcd/wcd-editionupgrade.md index 99b9f9fc47..99aa041132 100644 --- a/windows/configuration/wcd/wcd-editionupgrade.md +++ b/windows/configuration/wcd/wcd-editionupgrade.md @@ -1,16 +1,8 @@ --- -title: EditionUpgrade (Windows 10) +title: EditionUpgrade description: This section describes the EditionUpgrade settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # EditionUpgrade (Windows Configuration Designer reference) 
@@ -21,19 +13,17 @@ Use to upgrade the edition of Windows 10 on the device. [Learn about Windows 10 | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| [ChangeProductKey](#changeproductkey) | ✔️ | | | | -| [UpgradeEditionWithLicense](#upgradeeditionwithlicense) | ✔️ | | ✔️ | | -| [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey) | ✔️ | | | | - +| [ChangeProductKey](#changeproductkey) | ✅ | | | | +| [UpgradeEditionWithLicense](#upgradeeditionwithlicense) | ✅ | | ✅ | | +| [UpgradeEditionWithProductKey](#upgradeeditionwithproductkey) | ✅ | | | | ## ChangeProductKey -Enter a product key, which will be used to update the existing product key on the device. +Enter a product key, which will be used to update the existing product key on the device. ## UpgradeEditionWithLicense -Browse to and select a license XML file for the edition upgrade. - +Browse to and select a license XML file for the edition upgrade. ## UpgradeEditionWithProductKey @@ -43,7 +33,6 @@ If a product key is entered in a provisioning package and the user begins instal After the device restarts, the edition upgrade process completes. The user will receive a notification of the successful upgrade. - ## Related topics - [WindowsLicensing configuration service provider (CSP)](/windows/client-management/mdm/windowslicensing-csp) diff --git a/windows/configuration/wcd/wcd-firewallconfiguration.md b/windows/configuration/wcd/wcd-firewallconfiguration.md index 1310f33c30..bd8fc57ba2 100644 --- a/windows/configuration/wcd/wcd-firewallconfiguration.md +++ b/windows/configuration/wcd/wcd-firewallconfiguration.md 
@@ -1,16 +1,8 @@ --- -title: FirewallConfiguration (Windows 10) +title: FirewallConfiguration description: This section describes the FirewallConfiguration setting that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # FirewallConfiguration (Windows Configuration Designer reference) @@ -21,10 +13,10 @@ Use to enable AllJoyn router to work on public networks. | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| EnableAllJoynOnPublicNetwork | | | | ✔️ | +| EnableAllJoynOnPublicNetwork | | | | ✅ | Set to **True** or **False**. ## Related topics -- [AllJoyn – Wikipedia](https://wikipedia.org/wiki/AllJoyn) +- [AllJoyn - Wikipedia](https://wikipedia.org/wiki/AllJoyn) diff --git a/windows/configuration/wcd/wcd-firstexperience.md b/windows/configuration/wcd/wcd-firstexperience.md index 1c2b161ffa..d455bb3512 100644 --- a/windows/configuration/wcd/wcd-firstexperience.md +++ b/windows/configuration/wcd/wcd-firstexperience.md @@ -1,16 +1,8 @@ --- title: FirstExperience description: This section describes the FirstExperience settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 08/08/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # FirstExperience (Windows Configuration Designer reference) 
@@ -21,7 +13,7 @@ Use these settings to configure the out-of-box experience (OOBE) to set up HoloL | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| All settings | | | X | | +| All settings | | | ✅ | | | Setting | Description | | --- | --- | diff --git a/windows/configuration/wcd/wcd-folders.md b/windows/configuration/wcd/wcd-folders.md index 05670e0935..6154ff3cdd 100644 --- a/windows/configuration/wcd/wcd-folders.md +++ b/windows/configuration/wcd/wcd-folders.md @@ -1,16 +1,8 @@ --- -title: Folders (Windows 10) +title: Folders description: This section describes the Folders settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # Folders (Windows Configuration Designer reference) @@ -21,6 +13,6 @@ Use to add files to the device. | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| PublicDocuments | ✔️ | ✔️ | | | +| PublicDocuments | ✅ | ✅ | | | Browse to and select a file or files that will be included in the provisioning package and added to the public profile documents folder on the target device. You can use the **Relative path to directory on target device** field to create a new folder within the public profile documents folder. diff --git a/windows/configuration/wcd/wcd-hotspot.md b/windows/configuration/wcd/wcd-hotspot.md index 0fb6073692..381c7a7cfb 100644 --- a/windows/configuration/wcd/wcd-hotspot.md +++ b/windows/configuration/wcd/wcd-hotspot.md 
@@ -1,16 +1,8 @@ --- -title: HotSpot (Windows 10) +title: HotSpot description: This section describes the HotSpot settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 12/18/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # HotSpot (Windows Configuration Designer reference) diff --git a/windows/configuration/wcd/wcd-kioskbrowser.md b/windows/configuration/wcd/wcd-kioskbrowser.md index addcf27aad..d52d635478 100644 --- a/windows/configuration/wcd/wcd-kioskbrowser.md +++ b/windows/configuration/wcd/wcd-kioskbrowser.md @@ -1,16 +1,8 @@ --- -title: KioskBrowser (Windows 10) +title: KioskBrowser description: This section describes the KioskBrowser settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 10/02/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # KioskBrowser (Windows Configuration Designer reference) @@ -21,26 +13,25 @@ Use KioskBrowser settings to configure Internet sharing. | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| All settings | | | | ✔️ | +| All settings | | | | ✅ | >[!NOTE] >To configure Kiosk Browser settings for Windows client, go to [Policies > KioskBrowser](wcd-policies.md#kioskbrowser). -Kiosk Browser settings | Use this setting to ---- | --- -Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.

For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs. -Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.

If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. -Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. -Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. -Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. -Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. +| Kiosk Browser settings | Use this setting to | +|--|--| +| Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards.

For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs. | +| Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards.

If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. | +| Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. | +| Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. | +| Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. | +| Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. | -> [!IMPORTANT] -> To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer: -> -> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer. -> 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). -> 3. Insert the null character string in between each URL (e.g www.bing.com``www.contoso.com). -> 4. Save the XML file. -> 5. Open the project again in Windows Configuration Designer. -> 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed. +To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer: + +1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer. +1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). +1. Insert the null character string in between each URL (e.g https://www.bing.com``https://www.contoso.com). +1. Save the XML file. +1. Open the project again in Windows Configuration Designer. +1. Export the package. 
Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed. diff --git a/windows/configuration/wcd/wcd-licensing.md b/windows/configuration/wcd/wcd-licensing.md index a2135a483b..183f46a056 100644 --- a/windows/configuration/wcd/wcd-licensing.md +++ b/windows/configuration/wcd/wcd-licensing.md @@ -1,28 +1,20 @@ --- -title: Licensing (Windows 10) +title: Licensing description: This section describes the Licensing settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # Licensing (Windows Configuration Designer reference) -Use for settings related to Microsoft licensing programs. +Use for settings related to Microsoft licensing programs. ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✔️ | | | | -| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✔️ | | | | +| [AllowWindowsEntitlementReactivation](#allowwindowsentitlementreactivation) | ✅ | | | | +| [DisallowKMSClientOnlineAVSValidation](#disallowkmsclientonlineavsvalidation) | ✅ | | | | ## AllowWindowsEntitlementReactivation @@ -30,4 +22,5 @@ Enable or disable Windows license reactivation. ## DisallowKMSClientOnlineAVSValidation -Enable this setting to prevent the device from sending data to Microsoft regarding its activation state. +Enable this setting to prevent the device from sending data to Microsoft regarding its activation state. + diff --git a/windows/configuration/wcd/wcd-location.md b/windows/configuration/wcd/wcd-location.md index bbc00f2648..577c704fa4 100644 
--- a/windows/configuration/wcd/wcd-location.md +++ b/windows/configuration/wcd/wcd-location.md @@ -1,16 +1,8 @@ --- -title: Location (Windows 10) +title: Location description: This section describes the Location settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # Location (Windows Configuration Designer reference) @@ -21,7 +13,7 @@ Use Location settings to configure location services. | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| [EnableLocation](#enablelocation) | | | | ✔️ | +| [EnableLocation](#enablelocation) | | | | ✅ | ## EnableLocation diff --git a/windows/configuration/wcd/wcd-maps.md b/windows/configuration/wcd/wcd-maps.md index bf3aeccaf3..df82391f94 100644 --- a/windows/configuration/wcd/wcd-maps.md +++ b/windows/configuration/wcd/wcd-maps.md 
@@ -1,30 +1,21 @@ --- -title: Maps (Windows 10) +title: Maps description: This section describes the Maps settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # Maps (Windows Configuration Designer reference) -Use for settings related to Maps. +Use for settings related to Maps. ## Applies to -| Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [ChinaVariantWin10](#chinavariantwin10) | ✔️ | ✔️ | | | -| [UseExternalStorage](#useexternalstorage) | ✔️ | ✔️ | | | -| [UseSmallerCache](#usesmallercache) | ✔️ | ✔️ | | | - +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| [ChinaVariantWin10](#chinavariantwin10) | ✅ | ✅ | | | +| [UseExternalStorage](#useexternalstorage) | ✅ | ✅ | | | +| [UseSmallerCache](#usesmallercache) | ✅ | ✅ | | | ## ChinaVariantWin10 @@ -32,7 +23,6 @@ Use **ChinaVariantWin10** to specify that the Windows device is intended to ship This customization may result in different maps, servers, or other configuration changes on the device. - ## UseExternalStorage Use to store map data on an SD card. diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md index 3e2ac6dce1..6f49b60792 100644 --- a/windows/configuration/wcd/wcd-networkproxy.md +++ b/windows/configuration/wcd/wcd-networkproxy.md 
@@ -1,35 +1,26 @@ --- -title: NetworkProxy (Windows 10) +title: NetworkProxy description: This section describes the NetworkProxy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # NetworkProxy (Windows Configuration Designer reference) -Use for settings related to NetworkProxy. +Use for settings related to NetworkProxy. ## Applies to -| Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| All settings | | ✔️ | | | - +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| All settings | | ✅ | | | ## AutoDetect -Automatically detect network proxy settings. +Automatically detect network proxy settings. -| Value | Description | -| --- | --- | +| Value | Description | +|--|--| | 0 | Disabled. Don't automatically detect settings. | | 1 | Enabled. Automatically detect settings. | @@ -38,16 +29,14 @@ Automatically detect network proxy settings. Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings don't apply to VPN connections. | Setting | Description | -| --- | --- | +|--|--| | ProxyAddress | Address to the proxy server. Specify an address in the format `server:port`. | | ProxyExceptions | Addresses that shouldn't use the proxy server. The system won't use the proxy server for addresses that begin with the values specified in this node. Use semicolons (;) to separate entries. | -| UseProxyForLocalAddresses | Whether the proxy server should be used for local (intranet) addresses.

- 0 = Disabled. Don't use the proxy server for local addresses.
- 1 = Enabled. Use the proxy server for local addresses. | - +| UseProxyForLocalAddresses | Whether the proxy server should be used for local (intranet) addresses.

- 0 = Disabled. Don't use the proxy server for local addresses.
- 1 = Enabled. Use the proxy server for local addresses. | ## SetupScriptUrl -Address to the PAC script you want to use. - +Address to the PAC script you want to use. ## Related topics diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index eb78b8e3fe..1eac44b82c 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md 
@@ -1,38 +1,30 @@ --- -title: NetworkQoSPolicy (Windows 10) +title: NetworkQoSPolicy description: This section describes the NetworkQoSPolicy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # NetworkQoSPolicy (Windows Configuration Designer reference) -Use to create network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. +Use to create network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. ## Applies to -| Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| All settings | | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| All settings | | ✅ | | | 1. In **Available customizations**, select **NetworkQoSPolicy**, enter a friendly name for the account, and then click **Add**. -2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. +1. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. | Setting | Description | -| --- | --- | -| AppPathNameMatchCondition | Enter the name of an application to be sued to match the network traffic, such as application.exe or %ProgramFiles%\application.exe. | +|--|--| +| AppPathNameMatchCondition | Enter the name of an application to be sued to match the network traffic, such as application.exe or %ProgramFiles%\application.exe. 
| | DestinationPortMatchCondition | Specify a port or a range of ports to be used to match the network traffic. Valid values are [first port number]-[last port number], or [port number]. | -| DSCPAction | Enter the differentiated services code point (DSCP) value to apply to match with network traffic. Valid values are 0-63. | -| IPProtocolMatchCondition | Select between **Both TCP and UDP**, **TCP**, and **UDP** to specify the IP protocol used to match the network traffic. | -| PriorityValue8021Action | Specify the IEEE 802.1p value. Valid values are 0 through 7. | +| DSCPAction | Enter the differentiated services code point (DSCP) value to apply to match with network traffic. Valid values are 0-61. | +| IPProtocolMatchCondition | Select between **Both TCP and UDP**, **TCP**, and **UDP** to specify the IP protocol used to match the network traffic. | +| PriorityValue8021Action | Specify the IEEE 802.1p value. Valid values are 0 through 1. | | SourcePortMatchCondition | Specify a single port or range of ports. Valid values are [first port number]-[last port number], or [port number]. | ## Related topics diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md index 61c6c77b95..b5c47a481d 100644 --- a/windows/configuration/wcd/wcd-oobe.md +++ b/windows/configuration/wcd/wcd-oobe.md @@ -1,16 +1,8 @@ --- -title: OOBE (Windows 10) -ms.reviewer: -manager: aaroncz +title: OOBE description: This section describes the OOBE settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # OOBE (Windows Configuration Designer reference) 
@@ -19,10 +11,10 @@ Use to configure settings for the [Out Of Box Experience (OOBE)](/windows-hardwa ## Applies to -| Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✔️ | | | | -| [Desktop > HideOobe](#hideoobe-for-desktop) | ✔️ | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| [Desktop > EnableCortanaVoice](#enablecortanavoice) | ✅ | | | | +| [Desktop > HideOobe](#hideoobe-for-desktop) | ✅ | | | | ## EnableCortanaVoice @@ -30,10 +22,9 @@ Use this setting to control whether Cortana voice-over is enabled during OOBE. T ## HideOobe for desktop -When set to **True**, it hides the interactive OOBE flow for Windows 10. +When set to **True**, it hides the interactive OOBE flow for Windows 1. > [!NOTE] > You must create a user account if you set the value to true or the device will not be usable. When set to **False**, the OOBE screens are displayed. - diff --git a/windows/configuration/wcd/wcd-personalization.md b/windows/configuration/wcd/wcd-personalization.md index c6ab55142e..839b03e277 100644 --- a/windows/configuration/wcd/wcd-personalization.md +++ b/windows/configuration/wcd/wcd-personalization.md @@ -1,16 +1,8 @@ --- -title: Personalization (Windows 10) +title: Personalization description: This section describes the Personalization settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # Personalization (Windows Configuration Designer reference) 
@@ -21,16 +13,16 @@ Use to configure settings to personalize a PC. | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| [DeployDesktopImage](#deploydesktopimage) | ✔️ | | | | -| [DeployLockScreenImage](#deploylockscreenimage) | ✔️ | | | | -| [DesktopImageUrl](#desktopimageurl) | ✔️ | | | | -| [LockScreenImageUrl](#lockscreenimageurl) | ✔️ | | | | +| [DeployDesktopImage](#deploydesktopimage) | ✅ | | | | +| [DeployLockScreenImage](#deploylockscreenimage) | ✅ | | | | +| [DesktopImageUrl](#desktopimageurl) | ✅ | | | | +| [LockScreenImageUrl](#lockscreenimageurl) | ✅ | | | | ## DeployDesktopImage Deploy a .jpg, .jpeg, or .png image to the device to be used as a desktop image. If you have a local file and want to embed it into the package being deployed, you configure this setting and [DesktopImageUrl](#desktopimageurl). -When using **DeployDesktopImage** and [DeployLockScreenImageFile](#deploylockscreenimage, the file names need to be different. +When using **DeployDesktopImage** and [DeployLockScreenImageFile](#deploylockscreenimage, the file names need to be different. ## DeployLockScreenImage diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md index 449ba3ba75..6ef6203e11 100644 --- a/windows/configuration/wcd/wcd-policies.md +++ b/windows/configuration/wcd/wcd-policies.md 
@@ -1,351 +1,328 @@ --- -title: Policies (Windows 10) -ms.reviewer: -manager: aaroncz +title: Policies description: This section describes the Policies settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # Policies (Windows Configuration Designer reference) -This section describes the **Policies** settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer. Each setting below links to its supported values, as documented in the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). +This section describes the **Policies** settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer. Each setting below links to its supported values, as documented in the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). ## AboveLock -| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | | | | -| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. 
| ✔️ | | | | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +|--|--|:-:|:-:|:-:|:-:| +| [AllowActionCenterNotifications](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowactioncenternotifications) | Allow Action Center notifications above the device lock screen. | | | | | +| [AllowToasts](/windows/client-management/mdm/policy-configuration-service-provider#abovelock-allowtoasts) | Allow toast notifications above the device lock screen. | ✅ | | | | ## Accounts -| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | ✔️ | | | | -| [AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | ✔️ | | ✔️ | | -| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✔️ | | | | -| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✔️ | | | | - +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +|--|--|:-:|:-:|:-:|:-:| +| [AllowAddingNonMicrosoftAccountManually](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowaddingnonmicrosoftaccountsmanually) | Whether users can add non-Microsoft email accounts | ✅ | | | | +| 
[AllowMicrosoftAccountConnection](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountconnection) | Whether users can use a Microsoft account for non-email-related connection authentication and services | ✅ | | ✅ | | +| [AllowMicrosoftAccountSigninAssistant](/windows/client-management/mdm/policy-configuration-service-provider#accounts-allowmicrosoftaccountsigninassistant) | Disable the **Microsoft Account Sign-In Assistant** (wlidsvc) NT service | ✅ | | | | +| [DomainNamesForEmailSync](/windows/client-management/mdm/policy-configuration-service-provider#accounts-domainnamesforemailsync) | List of domains that are allowed to sync email on the devices | ✅ | | | | ## ApplicationDefaults | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✔️ | | | | - +|--|--|:-:|:-:|:-:|:-:| +| [DefaultAssociationsConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#applicationdefaults-defaultassociationsconfiguration) | Set default file type and protocol associations | ✅ | | | | ## ApplicationManagement - | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | | | ✔️ | -| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✔️ | | | ✔️ | -| 
[AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting are allowed | ✔️ | | | | -| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✔️ | | | | -| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | | -| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allowlist, disallow list, etc. | | | | | -| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) |Whether to launch an app or apps when the user signs in. 
| ✔️ | | | | -| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✔️ | | | ✔️ | -| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✔️ | | | ✔️ | - - - +|--|--|:-:|:-:|:-:|:-:| +| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✅ | | | ✅ | +| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✅ | | | ✅ | +| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✅ | ✅ | ✅ | ✅ | +| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) | Whether DVR and broadcasting are allowed | ✅ | | | | +| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✅ | | | | +| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | | +| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allowlist, disallow list, etc. 
| | | | | +| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) | Whether to launch an app or apps when the user signs in. | ✅ | | | | +| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✅ | | | ✅ | +| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✅ | | | ✅ | ## Authentication -| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✔️ | ✔️ | ✔️ | ✔️ | -| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ | | ✔️ | -| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows sign-in support for non-ADFS federated providers (for example, SAML). | ✔️ | ✔️ | | ✔️ | -| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. 
| ✔️ | ✔️ | | ✔️ | - +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +|--|--|:-:|:-:|:-:|:-:| +| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✅ | ✅ | ✅ | ✅ | +| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✅ | ✅ | | ✅ | +| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows sign-in support for non-ADFS federated providers (for example, SAML). | ✅ | ✅ | | ✅ | +| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. 
| ✅ | ✅ | | ✅ | ## BitLocker | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✔️ | | | | - +|--|--|:-:|:-:|:-:|:-:| +| [EncryptionMethod](/windows/client-management/mdm/policy-configuration-service-provider#bitlocker-encryptionmethod) | Specify BitLocker drive encryption method and cipher strength | ✅ | | | | ## Bluetooth -| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | ✔️ | ✔️ | ✔️ | ✔️ | -| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | ✔️ | ✔️ | ✔️ | ✔️ | -| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | ✔️ | ✔️ | ✔️ | ✔️ | -| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | ✔️ | ✔️ | ✔️ | ✔️ | +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | 
+|--|--|:-:|:-:|:-:|:-:| +| [AllowAdvertising](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowadvertising) | Whether the device can send out Bluetooth advertisements | ✅ | ✅ | ✅ | ✅ | +| [AllowDiscoverableMode](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowdiscoverablemode) | Whether other Bluetooth-enabled devices can discover the device | ✅ | ✅ | ✅ | ✅ | +| [AllowPrepairing](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-allowprepairing) | Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device | ✅ | ✅ | ✅ | ✅ | +| AllowPromptedProximalConnections | Whether Windows will prompt users when Bluetooth devices that are connectable are in range of the user's device | ✅ | ✅ | ✅ | ✅ | +| [LocalDeviceName](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-localdevicename) | Set the local Bluetooth device name | ✅ | ✅ | ✅ | ✅ | +| [ServicesAllowedList](/windows/client-management/mdm/policy-configuration-service-provider#bluetooth-servicesallowedlist) | Set a list of allowable services and profiles | ✅ | ✅ | ✅ | ✅ | ## Browser | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✔️ | | | | -| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. 
| ✔️ | ✔️ | | ✔️ | -| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✔️ | | | | -[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ | | | | -| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✔️ | ✔️ | | ✔️ | -| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✔️ | | | | -| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do not Track headers are allowed. | ✔️ | ✔️ | | ✔️ | -| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ | | | | -| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✔️ | | | | -| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ | | | | -| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. 
| ✔️ | ✔️ | | ✔️ | -| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | ✔️ | ✔️ | | ✔️ | -| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✔️ | ✔️ | | ✔️ | -| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | ✔️ | ✔️ | | ✔️ | -| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✔️ | | ✔️ | | -| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user. | ✔️ | | | | -| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | ✔️ | ✔️ | | ✔️ | -| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | ✔️ | | | | -| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ | -| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. 
| ✔️ | ✔️ | | ✔️ | -| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | ✔️ | | | | -| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | ✔️ | | | | -| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✔️ | ✔️ | | ✔️ | -[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ | | | | -| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ | | | | -| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to five more search engines for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ | -| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✔️ | | | | -| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it's selected. 
You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | | -| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✔️ | | | | -| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✔️ | | | | -| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✔️ | | | | -| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✔️ | | | | -| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. 
| ✔️ | | | | -[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send more diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | | -| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✔️ | | | | -| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✔️ | | | | -| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it's opened for the first time. | ✔️ | | | | -| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ | | | | -[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✔️ | | | | -| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✔️ | ✔️ | | ✔️ | -| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. 
| ✔️ | ✔️ | | ✔️ |
-| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✔️ | | | |
-| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | ✔️ | ✔️ | | ✔️ |
-| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✔️ | ✔️ | | ✔️ |
-| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ | ✔️ | | ✔️ |
-PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ | | | |
-| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users can't turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | |
-| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol.
| ✔️ | ✔️ | | ✔️ |
-[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites that will appear for employees. | ✔️ | | | |
-| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ | | | |
-| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✔️ | ✔️ | | ✔️ |
-| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✔️ | | | |
-| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page. | ✔️ | | | |
-| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✔️ | | | |
-| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | ✔️ | | | |
-| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button.
| ✔️ | | | |
-[UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✔️ | | | |
-
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowAddressBarDropdown](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowaddressbardropdown) | Specify whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. | ✅ | | | |
+| [AllowAutofill](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowautofill) | Specify whether autofill on websites is allowed. | ✅ | ✅ | | ✅ |
+| [AllowBrowser](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowbrowser) | Specify whether the browser is allowed on the device (for Windows 10, version 1803 and earlier only). | ✅ | | | |
+| [AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✅ | | | |
+| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✅ | ✅ | | ✅ |
+| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✅ | | | |
+| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do not Track headers are allowed.
| ✅ | ✅ | | ✅ |
+| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✅ | | | |
+| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✅ | | | |
+| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✅ | | | |
+| [AllowFullScreenMode](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowfullscreenmode) | Specify whether full-screen mode is allowed. | ✅ | ✅ | | ✅ |
+| [AllowInPrivate](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowinprivate) | Specify whether InPrivate browsing is allowed on corporate networks. | ✅ | ✅ | | ✅ |
+| [AllowMicrosoftCompatibilityList](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowmicrosoftcompatibilitylist) | Specify whether to use the Microsoft compatibility list in Microsoft Edge. | ✅ | ✅ | | ✅ |
+| [AllowPasswordManager](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpasswordmanager) | Specify whether saving and managing passwords locally on the device is allowed. | ✅ | ✅ | | ✅ |
+| [AllowPopups](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowpopups) | Specify whether pop-up blocker is allowed or enabled. | ✅ | | ✅ | |
+| [AllowPrelaunch](/windows/client-management/mdm/policy-csp-browser#browser-allowprelaunch) | Specify whether Microsoft Edge can pre-launch as a background process during Windows startup when the system is idle waiting to be launched by the user.
| ✅ | | | |
+| [AllowPrinting](/windows/client-management/mdm/policy-csp-browser#browser-allowprinting) | Specify whether users can print web content in Microsoft Edge. | ✅ | ✅ | | ✅ |
+| [AllowSavingHistory](/windows/client-management/mdm/policy-csp-browser#browser-allowsavinghistory) | Specify whether Microsoft Edge saves the browsing history. | ✅ | | | |
+| [AllowSearchEngineCustomization](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchenginecustomization) | Allow search engine customization for MDM-enrolled devices. | ✅ | ✅ | | ✅ |
+| [AllowSearchSuggestionsinAddressBar](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsearchsuggestionsinaddressbar) | Specify whether search suggestions are allowed in the address bar. | ✅ | ✅ | | ✅ |
+| [AllowSideloadingOfExtensions](/windows/client-management/mdm/policy-csp-browser#browser-allowsideloadingofextensions) | Specify whether extensions can be sideloaded in Microsoft Edge. | ✅ | | | |
+| [AllowSmartScreen](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowsmartscreen) | Specify whether Windows Defender SmartScreen is allowed. | ✅ | ✅ | ✅ | ✅ |
+| [AllowTabPreloading](/windows/client-management/mdm/policy-csp-browser#browser-allowtabpreloading) | Specify whether preloading the Start and New tab pages during Windows sign-in is allowed. | ✅ | | | |
+| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✅ | ✅ | | ✅ |
+| [AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge.
| ✅ | | | |
+| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✅ | | | |
+| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to five more search engines for MDM-enrolled devices. | ✅ | ✅ | | ✅ |
+| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✅ | | | |
+| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it's selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✅ | | | |
+| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✅ | | | |
+| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✅ | | | |
+| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens.
You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✅ | | | |
+| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✅ | | | |
+| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✅ | | | |
+| [EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send more diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✅ | ✅ | | |
+| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✅ | | | |
+| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✅ | | | |
+| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it's opened for the first time. | ✅ | | | |
+| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices.
| ✅ | | | |
+| [LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✅ | | | |
+| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✅ | ✅ | | ✅ |
+| [PreventCertErrorOverrides](/windows/client-management/mdm/policy-csp-browser#browser-preventcerterroroverrides) | Specify whether to override security warnings about sites that have SSL errors. | ✅ | ✅ | | ✅ |
+| [PreventFirstRunPage](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventfirstrunpage) | Specify whether to enable or disable the First Run webpage. | ✅ | | | |
+| [PreventLiveTileDataCollection](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventlivetiledatacollection) | Specify whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge. | ✅ | ✅ | | ✅ |
+| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✅ | ✅ | | ✅ |
+| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✅ | ✅ | | ✅ |
+| PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed.
Applies to Windows 10, version 1803 and earlier only. | ✅ | | | |
+| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users can't turn off, using a semi-colon delimited list of extension package family names. | ✅ | | | |
+| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | ✅ | ✅ | | ✅ |
+| [ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites that will appear for employees. | ✅ | | | |
+| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✅ | | | |
+| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✅ | ✅ | | ✅ |
+| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✅ | | | |
+| [SetNewTabPageURL](/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl) | Specify a custom URL for a New tab page.
| ✅ | | | |
+| [ShowMessageWhenOpeningSitesInInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-showmessagewhenopeningsitesininternetexplorer) | Specify whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site list. | ✅ | | | |
+| [SyncFavoritesBetweenIEAndMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-syncfavoritesbetweenieandmicrosoftedge) | Specify whether favorites are kept in sync between Internet Explorer and Microsoft Edge. | ✅ | | | |
+| [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) | Specify whether users can make changes to the Home button. | ✅ | | | |
+| [UseSharedFolderForBooks](/windows/client-management/mdm/policy-csp-browser#browser-usesharedfolderforbooks) | Specify whether organizations should use a folder shared across users to store books from the Books Library. | ✅ | | | |
 ## Camera
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✔️ | ✔️ | | |
-
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowCamera](/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | ✅ | ✅ | | |
 ## Connectivity
 | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access.
| ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✔️ | ✔️ | | ✔️ |
-| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✔️ | ✔️ | | ✔️ |
-| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✔️ | ✔️ | | ✔️ |
-| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | | | ✔️ |
-| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | | | ✔️ |
-| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlying connections VPN is allowed to use. |✔️ | ✔️ | | ✔️ |
-| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✔️ | ✔️ | | ✔️ |
-| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode. | ✔️ | ✔️ | | ✔️ |
-| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences.
| ✔️ | ✔️ | | ✔️ |
+|--|--|:-:|:-:|:-:|:-:|
+| [AllowBluetooth](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowbluetooth) | Allow the user to enable Bluetooth or restrict access. | ✅ | ✅ | ✅ | ✅ |
+| [AllowCellularData](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardata) | Allow the cellular data channel on the device. | ✅ | ✅ | | ✅ |
+| [AllowCellularDataRoaming](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowcellulardataroaming) | Allow or disallow cellular data roaming on the device. | ✅ | ✅ | | ✅ |
+| [AllowConnectedDevices](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowconnecteddevices) | Allows IT admins the ability to disable the Connected Devices Platform component. | ✅ | ✅ | | ✅ |
+| [AllowNFC](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allownfc) | Allow or disallow near field communication (NFC) on the device. | | | | ✅ |
+| [AllowUSBConnection](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowusbconnection) | Enable USB connection between the device and a computer to sync files with the device or to use developer tools or to deploy or debug applications. | | | | ✅ |
+| [AllowVPNOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnovercellular) | Specify what type of underlying connections VPN is allowed to use. | ✅ | ✅ | | ✅ |
+| [AllowVPNRoamingOverCellular](/windows/client-management/mdm/policy-configuration-service-provider#connectivity-allowvpnroamingovercellular) | Prevent the device from connecting to VPN when the device roams over cellular networks. | ✅ | ✅ | | ✅ |
+| HideCellularConnectionMode | Hide the checkbox that lets the user change the connection mode.
| ✅ | ✅ | | ✅ |
+| HideCellularRoamingOption | Hide the dropdown menu that lets the user change the roaming preferences. | ✅ | ✅ | | ✅ |
 ## CredentialProviders
-| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy doesn't actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered, the devices are for ready for use by information workers or students. | ✔️ | | | |
+| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
+|--|--|:-:|:-:|:-:|:-:|
+| [DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy doesn't actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered, the devices are for ready for use by information workers or students.
| ✅ | | | |
 ## Cryptography
 | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
-| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✔️ | | | |
-| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✔️ | | | |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowFipsAlgorithmPolicy](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-allowfipsalgorithmpolicy) | Allow or disallow the Federal Information Processing Standard (FIPS) policy. | ✅ | | | |
+| [TLSCiperSuites](/windows/client-management/mdm/policy-configuration-service-provider#cryptography-tlsciphersuites) | List the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win. | ✅ | | | |
 ## Defender
 | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
 | --- | --- | :---: | :---: | :---: | :---: |
-| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives. | ✔️ | | | |
-| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✔️ | | | |
-| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds.
Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✔️ | | | |
-| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. | ✔️ | | | |
-| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✔️ | | | |
-| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | ✔️ | | | |
-| [AllowIntrusionPreventionSystem](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | ✔️ | | | |
-| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | ✔️ | | | |
-| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality. | ✔️ | | | |
-| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | ✔️ | | | |
-| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files.
| ✔️ | | | |
-| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✔️ | | | |
-| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | ✔️ | | | |
-| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defender scan (in percent). | ✔️ | | | |
-| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✔️ | | | |
-| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. | ✔️ | | | |
-| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✔️ | | | |
-| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself isn't excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path.
| ✔️ | | | |
-| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✔️ | | | |
-| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ | | | |
-| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✔️ | | | |
-| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✔️ | | | |
-| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | ✔️ | | | |
-| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✔️ | | | |
-| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✔️ | | | |
-| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. | ✔️ | | | |
+| [AllowArchiveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowarchivescanning) | Allow or disallow scanning of archives.
| ✅ | | | |
+| [AllowBehaviorMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowbehaviormonitoring) | Allow or disallow Windows Defender Behavior Monitoring functionality. | ✅ | | | |
+| [AllowCloudProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowcloudprotection) | To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions. | ✅ | | | |
+| [AllowEmailScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowemailscanning) | Allow or disallow scanning of email. | ✅ | | | |
+| [AllowFullScanOnMappedNetworkDrives](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanonmappednetworkdrives) | Allow or disallow a full scan of mapped network drives. | ✅ | | | |
+| [AllowFullScanRemovableDriveScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowfullscanremovabledrivescanning) | Allow or disallow a full scan of removable drives. | ✅ | | | |
+| [AllowIntrusionPreventionSystem](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowintrusionpreventionsystem) | Allow or disallow Windows Defender Intrusion Prevention functionality. | ✅ | | | |
+| [AllowIOAVProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowioavprotection) | Allow or disallow Windows Defender IOAVP Protection functionality. | ✅ | | | |
+| [AllowOnAccessProtection](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowonaccessprotection) | Allow or disallow Windows Defender On Access Protection functionality.
| ✅ | | | | +| [AllowRealtimeMonitoring](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowrealtimemonitoring) | Allow or disallow Windows Defender Realtime Monitoring functionality. | ✅ | | | | +| [AllowScanningNetworkFiles](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscanningnetworkfiles) | Allow or disallow scanning of network files. | ✅ | | | | +| [AllowScriptScanning](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowscriptscanning) | Allow or disallow Windows Defender Script Scanning functionality. | ✅ | | | | +| [AllowUserUIAccess](/windows/client-management/mdm/policy-configuration-service-provider#defender-allowuseruiaccess) | Allow or disallow user access to the Windows Defender UI. | ✅ | | | | +| [AvgCPULoadFactor](/windows/client-management/mdm/policy-configuration-service-provider#defender-avgcpuloadfactor) | Represents the average CPU load factor for the Windows Defender scan (in percent). | ✅ | | | | +| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✅ | | | | +| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. | ✅ | | | | +| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✅ | | | | +| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. 
The process itself isn't excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✅ | | | | +| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✅ | | | | +| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✅ | | | | +| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✅ | | | | +| [ScheduleScanDay](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescanday) | Select the day that Windows Defender scan should run. | ✅ | | | | +| [ScheduleScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulescantime) | Select the time of day that the Windows Defender scan should run. | ✅ | | | | +| [SignatureUpdateInterval](/windows/client-management/mdm/policy-configuration-service-provider#defender-signatureupdateinterval) | Specify the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval. | ✅ | | | | +| [SubmitSamplesConsent](/windows/client-management/mdm/policy-configuration-service-provider#defender-submitsamplesconsent) | Checks for the user consent level in Windows Defender to send data. | ✅ | | | | +| [ThreatSeverityDefaultAction](/windows/client-management/mdm/policy-configuration-service-provider#defender-threatseveritydefaultaction) | Specify any valid threat severity levels and the corresponding default action ID to take. 
| ✅ | | | | ## DeliveryOptimization | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✔️ | | | | -| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✔️ | | | | -| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✔️ | | | | -| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✔️ | | | | -| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✔️ | | | | -| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. 
| ✔️ | | | |
-| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✔️ | | | |
-| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✔️ | | | |
-| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✔️ | | | |
-| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✔️ | | | |
-| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity using Delivery Optimization. | ✔️ | | | |
-| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✔️ | | | |
-| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✔️ | | | |
-| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capacity in GB) for the device to use Peer Caching. | ✔️ | | | |
-| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✔️ | | | |
-| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB required to use Peer Caching. | ✔️ | | | |
-| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✔️ | | | |
-| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✔️ | | | |
-| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option. | ✔️ | | | |
-| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
-| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✔️ | | | |
+| [DOAbsoluteMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doabsolutemaxcachesize) | Specify the maximum size in GB of Delivery Optimization cache. | ✅ | | | |
+| [DOAllowVPNPeerCaching](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-doallowvpnpeercaching) | Specify whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. | ✅ | | | |
+| [DODelayBackgroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelaybackgrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a background download that is allowed to use peer-to-peer. | ✅ | | | |
+| [DODelayForegroundDownloadFromHttp](/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodelayforegrounddownloadfromhttp) | Allows you to delay the use of an HTTP source in a foreground (interactive) download that is allowed to use peer-to-peer. | ✅ | | | |
+| [DODownloadMode](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dodownloadmode) | Specify the download method that Delivery Optimization can use in downloads of Windows Updates, apps, and app updates. | ✅ | | | |
+| [DOGroupId](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupid) | Specify an arbitrary group ID that the device belongs to. | ✅ | | | |
+| [DOGroupIdSource](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dogroupidsource) | Set this policy to restrict peer selection to a specific source | ✅ | | | |
+| [DOMaxCacheAge](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcacheage) | Specify the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. | ✅ | | | |
+| [DOMaxCacheSize](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxcachesize) | Specify the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100). | ✅ | | | |
+| [DOMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxdownloadbandwidth) | Specify the maximum download bandwidth in kilobytes/second that the device can use across all concurrent download activities using Delivery Optimization. | ✅ | | | |
+| [DOMaxUploadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domaxuploadbandwidth) | Specify the maximum upload bandwidth in kilobytes/second that a device will use across all concurrent upload activity using Delivery Optimization. | ✅ | | | |
+| [DOMinBackgroundQos](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbackgroundqos) | Specify the minimum download QoS (Quality of Service or speed) i kilobytes/second for background downloads. | ✅ | | | |
+| [DOMinBatteryPercentageAllowedToUpload](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominbatterypercentageallowedtoupload) | Specify any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and group peers while on battery power. | ✅ | | | |
+| [DOMinDiskSizeAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domindisksizeallowedtopeer) | Specify the required minimum disk size (capacity in GB) for the device to use Peer Caching. | ✅ | | | |
+| [DOMinFileSizeToCache](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominfilesizetocache) | Specify the minimum content file size in MB enabled to use Peer Caching. | ✅ | | | |
+| [DOMinRAMAllowedToPeer](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dominramallowedtopeer) | Specify the minimum RAM size in GB required to use Peer Caching. | ✅ | | | |
+| [DOModifyCacheDrive](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domodifycachedrive) | Specify the drive that Delivery Optimization should use for its cache. | ✅ | | | |
+| [DOMonthlyUploadDataCap](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-domonthlyuploaddatacap) | Specify the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month. | ✅ | | | |
+| [DOPercentageMaxBackDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxbackgroundbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DOPercentageMaxDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxdownloadbandwidth) | Specify the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DOPercentageMaxForeDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dopercentagemaxforegroundbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | |
+| [DORestrictPeerSelectionBy](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dorestrictpeerselectionby) | Set this policy to restrict peer selection by the selected option.
| ✅ | | | | +| [DOSetHoursToLimitBackgroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitbackgrounddownloadbandwidth) | Specify the maximum background download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | | +| [DOSetHoursToLimitForegroundDownloadBandwidth](/windows/client-management/mdm/policy-configuration-service-provider#deliveryoptimization-dosethourstolimitforegrounddownloadbandwidth) | Specify the maximum foreground download bandwidth that Delivery Optimization uses during and outside business hours across all concurrent download activities as a percentage of available download bandwidth. | ✅ | | | | ## DeviceGuard | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | ✔️ | | | | +[EnableVirtualizationBasedSecurity](/windows/client-management/mdm/policy-csp-deviceguard) | Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. | ✅ | | | | ## DeviceLock | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowIdleReturnWithoutPassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowidlereturnwithoutpassword) | Specify whether the user must input a PIN or password when the device resumes from an idle state. 
| | | | | | [AllowScreenTimeoutWhileLockedUserConfig](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowscreentimeoutwhilelockeduserconfig) | Specify whether to show a user-configurable setting to control the screen timeout while on the lock screen. | | | | | -| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✔️ | | ✔️ | | -|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | ✔️ | | ✔️ | | -| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✔️ | | ✔️ | | -| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✔️ | | ✔️ | | -| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✔️ | | ✔️ | | -| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped. | ✔️ | | ✔️ | | -| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. 
| ✔️ | | ✔️ | |
-| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✔️ | | ✔️ | |
-| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✔️ | | ✔️ | |
+| [AllowSimpleDevicePassword](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-allowsimpledevicepassword) | Specify whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords. | ✅ | | ✅ | |
+|[AlphanumericDevicePasswordRequired](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-alphanumericdevicepasswordrequired) | Select the type of PIN or password required. | ✅ | | ✅ | |
+| [DevicePasswordEnabled](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordenabled) | Specify whether device password is enabled. | ✅ | | ✅ | |
+| [DevicePasswordExpiration](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordexpiration) | Specify when the password expires (in days). | ✅ | | ✅ | |
+| [DevicePasswordHistory](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-devicepasswordhistory) | Specify how many passwords can be stored in the history that can't be reused. | ✅ | | ✅ | |
+| [MaxDevicePasswordFailedAttempts](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxdevicepasswordfailedattempts) | Specify the number of authentication failures allowed before the device will be wiped.
| ✅ | | ✅ | | +| [MaxInactivityTimeDeviceLock](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-maxinactivitytimedevicelock) |Specify the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. | ✅ | | ✅ | | +| [MinDevicePasswordComplexCharacters](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordcomplexcharacters) | Specify the number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password. | ✅ | | ✅ | | +| [MinDevicePasswordLength](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-mindevicepasswordlength) | Specify the minimum number or characters required in the PIN or password. | ✅ | | ✅ | | | [ScreenTimeoutWhileLocked](/windows/client-management/mdm/policy-configuration-service-provider#devicelock-screentimeoutwhilelocked) | Specify the duration in seconds for the screen timeout while on the lock screen. | | | | | - ## DeviceManagement | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✔️ | | | | - - +| DisableMDMEnrollment | Use this setting to prevent the device from enrolling in MDM. | ✅ | | | | ## Experience | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | | [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste are allowed. | | | | | -| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. 
| ✔️ | | ✔️ | | -| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✔️ | | | | -| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✔️ | | | | -| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | ✔️ | | ✔️ | | +| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✅ | | ✅ | | +| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✅ | | | | +| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✅ | | | | +| [AllowManualMDMUnenrollment](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowmanualmdmunenrollment) | Specify whether the user is allowed to delete the workplace account. | ✅ | | ✅ | | | [AllowScreenCapture](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowscreencapture) | Specify whether screen capture is allowed. | | | | | | [AllowSIMErrorDialogPromptWhenNoSIM](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsimerrordialogpromptwhennosim) | Specify whether to display a dialog prompt when no SIM card is detected. | | | | | -| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. 
| ✔️ | | | | -| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✔️ | | | | +| [AllowSyncMySettings](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowsyncmysettings) | Allow or disallow all Windows sync settings on the device. | ✅ | | | | +| [AllowTailoredExperiencesWithDiagnosticData](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtailoredexperienceswithdiagnosticdata) | Prevent Windows from using diagnostic data to provide customized experiences to the user. | ✅ | | | | | [AllowTaskSwitcher](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowtaskswitcher) | Allow or disallow task switching on the device. | | | | | -| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✔️ | | | | +| [AllowThirdPartySuggestionsInWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowthirdpartysuggestionsinwindowsspotlight) | Specify whether to allow app and content suggestions from third-party software publishers in Windows Spotlight. | ✅ | | | | | [AllowVoiceRecording](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowvoicerecording) | Specify whether voice recording is allowed for apps. 
| | | | |
-| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggestions, membership notifications, post-OOBE app install, and redirect tiles. | ✔️ | | | |
-| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once. | ✔️ | | | |
-| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✔️ | | | |
-| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✔️ | | | |
-| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✔️ | | | |
-| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✔️ | | | |
+| [AllowWindowsConsumerFeatures](/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsconsumerfeatures) | Turn on experiences that are typically for consumers only, such as Start suggestions, membership notifications, post-OOBE app install, and redirect tiles. | ✅ | | | |
+| [AllowWindowsSpotlight](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlight) |Specify whether to turn off all Windows Spotlight features at once.
| ✅ | | | | +| [AllowWindowsSpotlightOnActionCenter](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightonactioncenter) | Prevent Windows Spotlight notifications from being displayed in the Action Center. | ✅ | | | | +| [AllowWindowsSpotlightWindowsWelcomeExperience](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowsspotlightwindowswelcomeexperience) | Turn off the Windows Spotlight Windows welcome experience feature. | ✅ | | | | +| [AllowWindowsTips](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowwindowstips) | Enable or disable Windows Tips. | ✅ | | | | +| [ConfigureWindowsSpotlightOnLockScreen](/windows/client-management/mdm/policy-configuration-service-provider#experience-configurewindowsspotlightonlockscreen) | Specify whether Spotlight should be used on the user's lock screen. | ✅ | | | | ## ExploitGuard | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. | ✔️ | | | | - +| --- | --- | :---: | :---: | :---: | :---: | +| [ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) | See the [explanation of ExploitProtectionSettings](/windows/client-management/mdm/policy-csp-exploitguard) in the Policy CSP for instructions. In the **ExploitProtectionSettings** field, you can enter a path (local, UNC, or URI) to the mitigation options config, or you can enter the XML for the config. 
| ✅ | | | | ## Games | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✔️ | | | | - +| [AllowAdvancedGamingServices](/windows/client-management/mdm/policy-configuration-service-provider#games-allowadvancedgamingservices) | Currently not supported. | ✅ | | | | ## KioskBrowser -These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](../guidelines-for-assigned-access-app.md#guidelines-for-web-browsers). +These settings apply to the **Kiosk Browser** app available in Microsoft Store. For more information, see [Guidelines for web browsers](../kiosk/guidelines-for-assigned-access-app.md#guidelines-for-web-browsers). | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This setting is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | | -|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This setting is used to configure blocked URLs kiosk browsers can't navigate to. | ✔️ | | | | -|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | | -|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. 
| ✔️ | | | | -|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | | -|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | | -|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser. | ✔️ | | | | +| --- | --- | :---: | :---: | :---: | :---: | +|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This setting is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✅ | | | | +|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This setting is used to configure blocked URLs kiosk browsers can't navigate to. | ✅ | | | | +|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✅ | | | | +|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✅ | | | | +|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. 
| ✅ | | | | +|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✅ | | | | +|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser. | ✅ | | | | To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer: 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer. -2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). -3. Insert the null character string in between each URL (e.g www.bing.comwww.contoso.com). -4. Save the XML file. -5. Open the project again in Windows Configuration Designer. -6. Export the package. Ensure you don't revisit the created policies under Kiosk Browser or else the null character will be removed. +1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). +1. Insert the null character string in between each URL (e.g https://www.bing.comwww.contoso.com). +1. Save the XML file. +1. Open the project again in Windows Configuration Designer. +1. Export the package. Ensure you don't revisit the created policies under Kiosk Browser or else the null character will be removed. 
## LocalPoliciesSecurityOptions | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✔️ | | | | -| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✔️ | | | | -| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✔️ | | | | +| [InteractiveLogon_DoNotDisplayLastSignedIn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | ✅ | | | | +| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | ✅ | | | | +| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | ✅ | | | | ## Location 
@@ -356,69 +333,66 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in ## Power | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | ✔️ | | | | -| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✔️ | | | | -| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✔️ | | | | -| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✔️ | | | | -| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | ✔️ | | | | -| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✔️ | | | | -| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. 
| ✔️ | | | |
-| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | ✔️ | | | |
-| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | ✔️ | | | |
-| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✔️ | | | |
-| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✔️ | | | |
-| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✔️ | | | |
-| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | ✔️ | | | |
-| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✔️ | | | |
-| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. 
| ✔️ | | | |
-| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✔️ | | | |
-| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | ✔️ | | | |
-| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ | | | |
-| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ | | | |
-| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✔️ | | | |
-| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while on battery. | ✔️ | | | |
-| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while plugged in. | ✔️ | | | |
+| --- | --- | :---: | :---: | :---: | :---: |
+| [AllowStandbyStatesWhenSleepingOnBattery](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. 
| ✅ | | | |
+| [AllowStandbyWhenSleepingPluggedIn](/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | ✅ | | | |
+| [DisplayOffTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | ✅ | | | |
+| [DisplayOffTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | ✅ | | | |
+| [EnergySaverBatteryThresholdOnBattery](/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | ✅ | | | |
+| [EnergySaverBatteryThresholdPluggedIn](/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | ✅ | | | |
+| [HibernateTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | ✅ | | | |
+| [HibernateTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | ✅ | | | |
+| [RequirePasswordWhenComputerWakesOnBattery](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. 
| ✅ | | | |
+| [RequirePasswordWhenComputerWakesPluggedIn](/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | ✅ | | | |
+| [SelectLidCloseActionBattery](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | ✅ | | | |
+| [SelectLidCloseActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | ✅ | | | |
+| [SelectPowerButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | ✅ | | | |
+| [SelectPowerButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | ✅ | | | |
+| [SelectSleepButtonActionOnBattery](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | ✅ | | | |
+| [SelectSleepButtonActionPluggedIn](/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | ✅ | | | |
+| [StandbyTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. 
| ✅ | | | | +| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✅ | | | | +| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✅ | | | | +| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✅ | | | | +| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while on battery. | ✅ | | | | +| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while plugged in. | ✅ | | | | ## Privacy | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | | [AllowAutoAcceptPairingAndPrivacyConsentPrompts](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowautoacceptpairingandprivacyconsentprompts) | Allow or disallow the automatic acceptance of the pairing and privacy user consent dialog boxes when launching apps. | | | | | -| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. | ✔️ | | ✔️ | | - +| [AllowInputPersonalization](/windows/client-management/mdm/policy-configuration-service-provider#privacy-allowinputpersonalization) | Allow the use of cloud-based speech services for Cortana, dictation, or Store apps. 
| ✅ | | ✅ | | ## Search -| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | ✔️ | | | | -[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This setting specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | | -| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | | | | -| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | | ✔️ | | -| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | | | | -| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To provide these features, it requires access to the file system and app data stores such as Outlook OST files.

- **Off** setting disables Windows indexer
- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)
- **Enterprise** setting reduces potential network loads for enterprises
- **Standard** setting is appropriate for consumers | ✔️ | | | | -| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | | | | -| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | | | | -| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | | | | -| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✔️ | | | | -| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✔️ | | | | -| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✔️ | | | | -| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | | | | - - +| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | +|--|--|:-:|:-:|:-:|:-:| +| [AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. 
T | ✅ | | | | +| [AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This setting specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✅ | | | | +| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✅ | | | | +| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✅ | | ✅ | | +| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✅ | | | | +| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To provide these features, it requires access to the file system and app data stores such as Outlook OST files.

- **Off** setting disables Windows indexer
- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)
- **Enterprise** setting reduces potential network loads for enterprises
- **Standard** setting is appropriate for consumers | ✅ | | | | +| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✅ | | | | +| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✅ | | | | +| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✅ | | | | +| [DisableRemovableDriveIndexing](/windows/client-management/mdm/policy-configuration-service-provider#search-disableremovabledriveindexing) | Configure whether locations on removable drives can be added to libraries. | ✅ | | | | +| [PreventIndexingLowDiskSpaceMB](/windows/client-management/mdm/policy-configuration-service-provider#search-preventindexinglowdiskspacemb) | Prevent indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. | ✅ | | | | +| [PreventRemoteQueries](/windows/client-management/mdm/policy-configuration-service-provider#search-preventremotequeries) | If enabled, clients will be unable to query this device's index remotely. | ✅ | | | | +| [SafeSearchPermissions](/windows/client-management/mdm/policy-configuration-service-provider#search-safesearchpermissions) | Specify the level of safe search (filtering adult content) required. | | | | | ## Security | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. 
| ✔️ | ✔️ | | ✔️ | +| [AllowAddProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowaddprovisioningpackage) | Specify whether to allow installation of provisioning packages. | ✅ | ✅ | | ✅ | | [AllowManualRootCertificateInstallation](/windows/client-management/mdm/policy-configuration-service-provider#security-allowmanualrootcertificateinstallation) | Specify whether the user is allowed to manually install root and intermediate CA certificates. | | | | | -| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✔️ | ✔️ | | ✔️ | +| [AllowRemoveProvisioningPackage](/windows/client-management/mdm/policy-configuration-service-provider#security-allowremoveprovisioningpackage) | Specify whether removal of provisioning packages is allowed. | ✅ | ✅ | | ✅ | | [AntiTheftMode](/windows/client-management/mdm/policy-configuration-service-provider#security-antitheftmode) | Allow or disallow Anti Theft Mode on the device. | | | | | -| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✔️ | ✔️ | ✔️ | ✔️ | -| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✔️ | ✔️ | | ✔️ | -| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. 
| ✔️ | | | | +| [RequireDeviceEncryption](/windows/client-management/mdm/policy-configuration-service-provider#security-requiredeviceencryption) | Specify whether encryption is required. | ✅ | ✅ | ✅ | ✅ | +| [RequireProvisioningPackageSignature](/windows/client-management/mdm/policy-configuration-service-provider#security-requireprovisioningpackagesignature) | Specify whether provisioning packages must have a certificate signed by a device-trusted authority. | ✅ | ✅ | | ✅ | +| [RequireRetrieveHealthCertificateOnBoot](/windows/client-management/mdm/policy-configuration-service-provider#security-requireretrievehealthcertificateonboot) | Specify whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service when a device boots or reboots. | ✅ | | | | ## Settings 
@@ -426,168 +400,163 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in | --- | --- | :---: | :---: | :---: | :---: | | [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | | | | | [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | | | | -| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | | ✔️ | | -| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing other calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | | -[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✔️ | | | | +| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | | ✅ | | +| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing other calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. 
| ✅ | | | | +[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✅ | | | | ## Start | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✔️ | | | | -| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloads shortcut on the Start menu. | ✔️ | | | | -| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✔️ | | | | -| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✔️ | | | | -| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✔️ | | | | -| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. 
| ✔️ | | | |
-| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✔️ | | | |
-| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✔️ | | | |
-| DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✔️ | | | |
-| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✔️ | | | |
-| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✔️ | | | |
-| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✔️ | | | |
-| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✔️ | | | |
-| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ | | | |
-| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. 
| ✔️ | | | |
-| HidePeopleBar | Remove the people icon from the taskbar, and the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | |
-| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ | | | |
-| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ | | | |
-| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ | | | |
-| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✔️ | | | |
-| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | ✔️ | | | |
-| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✔️ | | | |
-| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | ✔️ | | | |
-| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✔️ | | | |
-| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | ✔️ | | | |
-| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. 
For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md). | ✔️ | | | |
-| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✔️ | | | |
-| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✔️ | | | |
+| [AllowPinnedFolderDocuments](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdocuments) | Control the visibility of the Documents shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderDownloads](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderdownloads) | Control the visibility of the Downloads shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderFileExplorer](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderfileexplorer) | Control the visibility of the File Explorer shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderHomeGroup](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderhomegroup) | Control the visibility of the Home Group shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderMusic](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldermusic) | Control the visibility of the Music shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderNetwork](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldernetwork) | Control the visibility of the Network shortcut on the Start menu. 
| ✅ | | | |
+| [AllowPinnedFolderPersonalFolder](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpersonalfolder) | Control the visibility of the Personal Folder shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderPictures](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfolderpictures) | Control the visibility of the Pictures shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | Control the visibility of the Settings shortcut on the Start menu. | ✅ | | | |
+| [AllowPinnedFolderVideos](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldervideos) |Control the visibility of the Videos shortcut on the Start menu. | ✅ | | | |
+| DisableContextMenus | Prevent context menus from being invoked in the Start menu. | ✅ | | | |
+| [ForceStartSize](/windows/client-management/mdm/policy-configuration-service-provider#start-forcestartsize) | Force the size of the Start screen. | ✅ | | | |
+| [HideAppList](/windows/client-management/mdm/policy-configuration-service-provider#start-hideapplist) | Collapse or remove the all apps list. | ✅ | | | |
+| [HideChangeAccountSettings](/windows/client-management/mdm/policy-configuration-service-provider#start-hidechangeaccountsettings) | Hide **Change account settings** from appearing in the user tile. | ✅ | | | |
+| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✅ | | | |
+| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✅ | | | |
+| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. 
| ✅ | | | |
+| HidePeopleBar | Remove the people icon from the taskbar, and the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✅ | | | |
+| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✅ | | | |
+| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✅ | | | |
+| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✅ | | | |
+| [HideRestart](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderestart) | Prevent **Restart** and **Update and restart** from appearing in the Power button. | ✅ | | | |
+| [HideShutDown](/windows/client-management/mdm/policy-configuration-service-provider#start-hideshutdown) | Prevent **Shut down** and **Update and shut down** from appearing in the Power button. | ✅ | | | |
+| [HideSignOut](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesignout) | Prevent **Sign out** from appearing in the user tile. | ✅ | | | |
+| [HideSleep](/windows/client-management/mdm/policy-configuration-service-provider#start-hidesleep) | Prevent **Sleep** from appearing in the Power button. | ✅ | | | |
+| [HideSwitchAccount](/windows/client-management/mdm/policy-configuration-service-provider#start-hideswitchaccount) | Prevent **Switch account** from appearing in the user tile. | ✅ | | | |
+| [HideUserTile](/windows/client-management/mdm/policy-configuration-service-provider#start-hideusertile) | Hide the user tile. | ✅ | | | |
+| [ImportEdgeAssets](/windows/client-management/mdm/policy-configuration-service-provider#start-importedgeassets) | Import Edge assets for secondary tiles. 
For more information, see [Add image for secondary Microsoft Edge tiles](../start-secondary-tiles.md). | ✅ | | | | +| [NoPinningToTaskbar](/windows/client-management/mdm/policy-configuration-service-provider#start-nopinningtotaskbar) | Prevent users from pinning and unpinning apps on the taskbar. | ✅ | | | | +| [StartLayout](/windows/client-management/mdm/policy-configuration-service-provider#start-startlayout) | Apply a custom Start layout. For more information, see [Customize Windows 10 Start and taskbar with provisioning packages](../customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md) | ✅ | | | | ## System | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✔️ | | | | -| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✔️ | ✔️ | | ✔️ | -| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✔️ | | | | -| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. 
| ✔️ | ✔️ | | ✔️ | -| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✔️ | | ✔️ | | -| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✔️ | | | | -ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | ✔️ | | | | -ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | ✔️ | | | | -| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ | | | | -| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ | | | | -| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✔️ | | | | -| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. 
These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus other enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | | | | - +| --- | --- | :---: | :---: | :---: | :---: | +| [AllowBuildPreview](/windows/client-management/mdm/policy-configuration-service-provider#system-allowbuildpreview) | Specify whether users can access the Insider build controls in the **Advanced Options** for Windows Update. | ✅ | | | | +| [AllowEmbeddedMode](/windows/client-management/mdm/policy-configuration-service-provider#system-allowembeddedmode) | Specify whether to set general purpose device to be in embedded mode. | ✅ | ✅ | | ✅ | +| [AllowExperimentation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowexperimentation) | Determine the level that Microsoft can experiment with the product to study user preferences or device behavior. | ✅ | | | | +| [AllowLocation](/windows/client-management/mdm/policy-configuration-service-provider#system-allowlocation) | Specify whether to allow app access to the Location service. | ✅ | ✅ | ✅ | ✅ | +| [AllowStorageCard](/windows/client-management/mdm/policy-configuration-service-provider#system-allowstoragecard) | Specify whether the user is allowed to use the storage card for device storage. 
| ✅ | ✅ | | ✅ | +| [AllowTelemetry](/windows/client-management/mdm/policy-configuration-service-provider#system-allowtelemetry) | Allow the device to send diagnostic and usage data. | ✅ | | ✅ | | +| [AllowUserToResetPhone](/windows/client-management/mdm/policy-configuration-service-provider#system-allowusertoresetphone) | Allow the user to factory reset the phone. | ✅ | | | | +ConfigureTelemetryOptInChangeNotification | This policy setting determines whether a device shows notifications about telemetry levels to people on first sign-in or when changes occur in Settings. | ✅ | | | | +ConfigureTelemetryOptInSettingsUx | This policy setting determines whether people can change their own telemetry levels in Settings | ✅ | | | | +| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✅ | | | | +| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✅ | | | | +| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✅ | | | | +| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. 
These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus other enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✅ | | | | ## TextInput | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✔️ | | | | -| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that don't exist in the device's local dictionary. | ✔️ | | | | -| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ | | | | -| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. 
| ✔️ | | | |
-| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ | | | |
-| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✔️ | | | |
-| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ | | | |
-| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ | | | |
-| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ | | | |
-| AllowUserInputsFromMiracastRecevier | Don't use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | |
-| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
-| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. 
| ✔️ | | | | -| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | | - +| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✅ | | | | +| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that don't exist in the device's local dictionary. | ✅ | | | | +| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✅ | | | | +| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✅ | | | | +| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✅ | | | | +| [AllJapaneseNonPublishingStandardGlyph](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapanesenonpublishingstandardglyph) | All the Japanese non-publishing standard glyph. | ✅ | | | | +| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. 
| ✅ | | | | +| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✅ | | | | +| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✅ | | | | +| AllowUserInputsFromMiracastRecevier | Don't use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | | +| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✅ | | | | +| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✅ | | | | +| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✅ | | | | ## TimeLanguageSettings | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | +| --- | --- | :---: | :---: | :---: | :---: | | [AllowSet24HourClock](/windows/client-management/mdm/policy-configuration-service-provider#timelanguagesettings-allowset24hourclock) | Configure the default clock setting to be the 24 hour format. 
| | | | | - ## Update | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | |---------|-------------|:--------------:|:-----------:|:--------:|:--------:| -| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots aren't scheduled. | ✔️ | ✔️ | | ✔️ | -| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ | -| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots aren't scheduled. | ✔️ | ✔️ | | ✔️ | -| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✔️ | ✔️ | | ✔️ | -| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | -| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. 
| ✔️ | ✔️ | | ✔️ |
-| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ |
-| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✔️ | ✔️ | | ✔️ |
-| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
-| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✔️ | ✔️ | | ✔️ |
-| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✔️ | ✔️ | | ✔️ |
-| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. 
| ✔️ | ✔️ | | ✔️ |
-| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Don't allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. 
| ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
-| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
-| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ |
-| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it's missing from the metadata. | ✔️ | ✔️ | | ✔️ |
-| ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ |
-| PhoneUpdateRestrictions | Deprecated | | ✔️ | | |
-| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. 
| ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. | ✔️ | ✔️ | ✔️ | ✔️ | -| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✔️ | ✔️ | | ✔️ | -| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✔️ | ✔️ | | ✔️ | -| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✔️ | ✔️ | | ✔️ | -| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. 
| ✔️ | ✔️ | | ✔️ | -| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✔️ | ✔️ | | ✔️ | -| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✔️ | ✔️ | | ✔️ | -| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✔️ | ✔️ | | ✔️ | -| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | -| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ | +| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots aren't scheduled. | ✅ | ✅ | | ✅ | +| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✅ | ✅ | | ✅ | +| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots aren't scheduled. | ✅ | ✅ | | ✅ | +| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. 
| ✅ | ✅ | ✅ | ✅ | +| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✅ | ✅ | | ✅ | +| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✅ | ✅ | ✅ | ✅ | +| [AllowNonMicrosoftSignedUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allownonmicrosoftsignedupdate) | Manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. | ✅ | ✅ | | ✅ | +| [AllowUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowupdateservice) | Specify whether the device can use Microsoft Update, Windows Server Update Services (WSUS), or Microsoft Store. | ✅ | ✅ | ✅ | ✅ | +| [AutoRestartDeadlinePeriodInDays](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindays) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✅ | ✅ | | ✅ | +| [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-autorestartdeadlineperiodindaysforfeatureupdates) | Specify number of days (between 2 and 30) after which a forced restart will occur outside of active hours when restart is pending. | ✅ | ✅ | | ✅ | +| [AutoRestartNotificationSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartnotificationschedule) | Specify the period for auto-restart reminder notifications. 
| ✅ | ✅ | | ✅ | +| [AutoRestartRequiredNotificationDismissal](/windows/client-management/mdm/policy-configuration-service-provider#update-autorestartrequirednotificationdismissal) | Specify the method by which the auto-restart required notification is dismissed. | ✅ | ✅ | | ✅ | +| [BranchReadinessLevel](/windows/client-management/mdm/policy-configuration-service-provider#update-branchreadinesslevel) | Select which branch a device receives their updates from. | ✅ | ✅ | ✅ | ✅ | +| [DeferFeatureUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferfeatureupdatesperiodindays) | Defer Feature Updates for the specified number of days. | ✅ | ✅ | | ✅ | +| [DeferQualityUpdatesPeriodInDays](/windows/client-management/mdm/policy-configuration-service-provider#update-deferqualityupdatesperiodindays) | Defer Quality Updates for the specified number of days. | ✅ | ✅ | | ✅ | +| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✅ | ✅ | ✅ | ✅ | +| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✅ | ✅ | ✅ | ✅ | +| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✅ | ✅ | ✅ | ✅ | +| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Don't allow update deferral policies to cause scans against Windows Update. | ✅ | ✅ | | ✅ | +| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. 
| ✅ | ✅ | | ✅ | +| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✅ | ✅ | | ✅ | +| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✅ | ✅ | | ✅ | +| [EngagedRestartSnoozeScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozescheduleforfeatureupdates) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✅ | ✅ | | ✅ | +| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✅ | ✅ | | ✅ | +| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✅ | ✅ | | ✅ | +| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✅ | ✅ | | ✅ | +| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it's missing from the metadata. 
| ✅ | ✅ | | ✅ | +| ManagePreviewBuilds | Use to enable or disable preview builds. | ✅ | ✅ | ✅ | ✅ | +| PhoneUpdateRestrictions | Deprecated | | ✅ | | | +| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✅ | ✅ | ✅ | ✅ | +| [ScheduledInstallDay](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstallday) | Schedule the day for update installation. | ✅ | ✅ | ✅ | ✅ | +| [ScheduledInstallEveryWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstalleveryweek) | To schedule update installation every week, set the value as `1`. | ✅ | ✅ | ✅ | ✅ | +| [ScheduledInstallFirstWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfirstweek) | To schedule update installation the first week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ | +| [ScheduledInstallFourthWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallfourthweek) | To schedule update installation the fourth week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ | +| [ScheduledInstallSecondWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallsecondweek) | To schedule update installation the second week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ | +| [ScheduledInstallThirdWeek](/windows/client-management/mdm/policy-csp-update#update-scheduledinstallthirdweek) | To schedule update installation the third week of the month, see the value as `1`. | ✅ | ✅ | ✅ | ✅ | +| [ScheduledInstallTime](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduledinstalltime) | Schedule the time for update installation. 
| ✅ | ✅ | ✅ | ✅ | +| [ScheduleImminentRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-scheduleimminentrestartwarning) | Specify the period for auto-restart imminent warning notifications. | ✅ | ✅ | | ✅ | +| [ScheduleRestartWarning](/windows/client-management/mdm/policy-configuration-service-provider#update-schedulerestartwarning) | Specify the period for auto-restart warning reminder notifications. | ✅ | ✅ | | ✅ | +| [SetAutoRestartNotificationDisable](/windows/client-management/mdm/policy-configuration-service-provider#update-setautorestartnotificationdisable) | Disable auto-restart notifications for update installations. | ✅ | ✅ | | ✅ | +| [SetDisablePauseUXAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisablepauseuxaccess) | Disable access to scan Windows Update. | ✅ | ✅ | | ✅ | +| [SetDisableUXWUAccess](/windows/client-management/mdm/policy-configuration-service-provider#update-setdisableuxwuaccess) | Disable the **Pause updates** feature. | ✅ | ✅ | | ✅ | +| [SetEDURestart](/windows/client-management/mdm/policy-configuration-service-provider#update-setedurestart) | Skip the check for battery level to ensure that the reboot will happen at ScheduledInstallTime. | ✅ | ✅ | | ✅ | +| UpdateNotificationLevel | Specify whether to enable or disable Windows Update notifications, including restart warnings. | ✅ | ✅ | | ✅ | +| [UpdateServiceUrl](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurl) | Configure the device to check for updates from a WSUS server instead of Microsoft Update. | ✅ | ✅ | ✅ | ✅ | +| [UpdateServiceUrlAlternate](/windows/client-management/mdm/policy-configuration-service-provider#update-updateserviceurlalternate) | Specify an alternate intranet server to host updates from Microsoft Update. 
| ✅ | ✅ | ✅ | ✅ | ## WiFi | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✔️ | | | | -| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✔️ | | | | +| [AllowAutoConnectToWiFiSenseHotspots](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowautoconnecttowifisensehotspots) | Allow the device to connect automatically to Wi-Fi hotspots. | ✅ | | | | +| [AllowInternetSharing](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | ✅ | | | | | [AllowManualWiFiConfiguration](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | | | | | [AllowWiFi](/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. | | | | | -| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | ✔️ | ✔️ | | ✔️ | +| [WLANScanMode](/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. 
| ✅ | ✅ | | ✅ | ## WindowsInkWorkspace | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✔️ | | | | -| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✔️ | | | | - +| [AllowSuggestedAppsInWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace) | Show recommended app suggestions in the ink workspace. | ✅ | | | | +| [AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-configuration-service-provider#windowsinkworkspace-allowwindowsinkworkspace) | Specify whether to allow the user to access the ink workspace. | ✅ | | | | ## WindowsLogon - | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | --- | :---: | :---: | :---: | :---: | -| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. | ✔️ | | | | +| --- | --- | :---: | :---: | :---: | :---: | +| [HideFastUserSwitching](/windows/client-management/mdm/policy-configuration-service-provider#windowslogon-hidefastuserswitching) | Hide the **Switch account** button on the sign-in screen, Start, and the Task Manager. 
| ✅ | | | | ## WirelessDisplay | Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core | | --- | --- | :---: | :---: | :---: | :---: | -| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✔️ | | | | +| [AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | This policy controls whether or not the wireless display can send input (keyboard, mouse, pen, and touch, dependent upon display support) back to the source device. For example, a Surface Laptop is projecting wirelessly to a Surface Hub. If input from the wireless display receiver is allowed, users can draw with a pen on the Surface Hub. | ✅ | | | | diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md index 13962db09d..f1cf11e992 100644 --- a/windows/configuration/wcd/wcd-privacy.md +++ b/windows/configuration/wcd/wcd-privacy.md @@ -1,15 +1,8 @@ --- -title: Privacy (Windows 10) +title: Privacy description: This section describes the Privacy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz -manager: aaroncz ms.topic: reference -ms.collection: must-keep -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # Privacy (Windows Configuration Designer reference) 
@@ -20,7 +13,7 @@ Use **Privacy** to configure settings for app activation with voice. | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | | ✔️ | +| All settings | ✅ | ✅ | | ✅ | ## LetAppsActivateWithVoice diff --git a/windows/configuration/wcd/wcd-provisioningcommands.md b/windows/configuration/wcd/wcd-provisioningcommands.md index e79eb9f7f3..f10116f137 100644 --- a/windows/configuration/wcd/wcd-provisioningcommands.md +++ b/windows/configuration/wcd/wcd-provisioningcommands.md @@ -1,30 +1,19 @@ --- -title: ProvisioningCommands (Windows 10) +title: ProvisioningCommands description: This section describes the ProvisioningCommands settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 + --- # ProvisioningCommands (Windows Configuration Designer reference) -Use ProvisioningCommands settings to install Windows desktop applications using a provisioning package. +Use ProvisioningCommands settings to install Windows desktop applications using a provisioning package. ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✅ | | | | For instructions on adding apps to provisioning packages, see [Provision PCs with apps](../provisioning-packages/provision-pcs-with-apps.md). - - - - diff --git a/windows/configuration/wcd/wcd-sharedpc.md b/windows/configuration/wcd/wcd-sharedpc.md index 9bff17847b..64e884bf46 100644 --- a/windows/configuration/wcd/wcd-sharedpc.md +++ b/windows/configuration/wcd/wcd-sharedpc.md 
@@ -1,16 +1,8 @@ --- title: SharedPC description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 10/16/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # SharedPC (Windows Configuration Designer reference) @@ -20,8 +12,8 @@ Use SharedPC settings to optimize Windows devices for shared use scenarios, such ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✅ | | | | ## AccountManagement @@ -46,7 +38,6 @@ Set as **True** to enable **Shared PC Mode**. This setting controls this API: [I Set as **True** to enable **Shared PC Mode**. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings). - ## PolicyCustomization Use these settings to configure additional Shared PC policies. diff --git a/windows/configuration/wcd/wcd-smisettings.md b/windows/configuration/wcd/wcd-smisettings.md index 1e5fe77243..a1b396a24b 100644 --- a/windows/configuration/wcd/wcd-smisettings.md +++ b/windows/configuration/wcd/wcd-smisettings.md @@ -1,16 +1,8 @@ --- -title: SMISettings (Windows 10) +title: SMISettings description: This section describes the SMISettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep ms.date: 03/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure --- # SMISettings (Windows Configuration Designer reference) 
@@ -20,8 +12,8 @@ Use SMISettings settings to customize the device with custom shell, suppress Win ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✅ | | | | ## All settings in SMISettings @@ -59,7 +51,7 @@ The default value is **17**, which disables all Welcome screen UI elements and t | 8 | Disables the Ease of access button | | 16 | Disables the Switch user button | | 32 | Disables the blocked shutdown resolver (BSDR) screen. Restarting or shutting down the system causes the OS to immediately force close any applications that are blocking the system shutdown. No UI is displayed, and users aren't given a chance to cancel the shutdown process. This value can result in a loss of data if any open applications have unsaved data. | - + ## CrashDumpEnabled values If the system stops unexpectedly, choose the type of information to capture in a dump (.dmp) file. @@ -73,10 +65,10 @@ Set CrashDumpEnabled to one of the following values: | 1 | Records all the contents of system memory. This dump file may contain data from processes that were running when the information was collected. | | 2 | Records only the kernel memory. This dump file includes only memory that's allocated to the kernel, kernel-mode drivers, and other kernel-mode programs. It doesn't include unallocated memory, or any memory that's allocated to user-mode programs.

For most purposes, this kind of dump file is the most useful because it's smaller than the complete memory dump file. It also includes information that's most likely involved in the issue.

If a second problem occurs, the dump file is overwritten with new information. | | 3 | Records the smallest amount of useful information that may help identify why the device stopped unexpectedly. This type of dump file includes the following information:

- A list of loaded drivers
- The processor context (PRCB) for the processor that stopped
- The process information and kernel context (EPROCESS) for the process that stopped
- The process information and kernel context (ETHREAD) for the thread that stopped
- The kernel-mode call stack for the thread that stopped

This dump file can be useful when space is limited. Because of the limited information, errors that aren't directly caused by the running thread at the time of the problem may not be discovered by analyzing this file.

The date is encoded in the file name. If a second problem occurs, the previous file is preserved and the new file is given a distinct name. A list of all small memory dump files is kept in the %SystemRoot%\Minidump folder. | -| 4 | Records the smallest amount of useful information. This value produces the same results as entering a value of 3. | -| 7 | Records only the kernel memory. This value produces the same results as entering a value of 2. This is the default value. | +| 4 | Records the smallest amount of useful information. This value produces the same results as entering a value of 1. | +| 7 | Records only the kernel memory. This value produces the same results as entering a value of 1. This is the default value. | | Any other value | Disables crash dump and doesn't record anything. | - + ## KeyboardFilter settings Use these settings to suppress undesirable key presses or key combinations. KeyboardFilter works with physical keyboards, the Windows on-screen keyboard, and the touch keyboard. @@ -98,7 +90,7 @@ When you **enable** KeyboardFilter, many other settings become available for con Use ShellLauncher to specify the application or executable to use as the default custom shell. One use of ShellLauncher is to [create a kiosk (fixed-purpose) device running a Windows desktop application](/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions#shell-launcher-for-classic-windows-applications). >[!WARNING] ->Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image. +>Windows 10 doesn't support setting a custom shell prior to OOBE. If you do, you won't be able to deploy the resulting image. You can also configure ShellLauncher to launch different shell applications for different users or user groups. diff --git a/windows/configuration/wcd/wcd-start.md b/windows/configuration/wcd/wcd-start.md index b8d84f5b0c..aab20c09ae 100644 --- a/windows/configuration/wcd/wcd-start.md 
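Review bot: In the CrashDumpEnabled table of wcd-smisettings.md, the new rows for values 4 and 7 both say they produce "the same results as entering a value of 1", which contradicts the unchanged rows of the same table: value 1 records all of system memory, while 4 is described as the smallest dump and 7 as kernel memory only. The removed lines pointed to 3 and 2 respectively, so this looks like an unintended edit, possibly from an automated renumbering pass, though the hunk alone cannot confirm that. Row 1 notes that a complete dump may contain data from running processes, so a reader weighing what a dump file can expose could pick the wrong value from this text. Restore `This value produces the same results as entering a value of 3.` in row 4 and `This value produces the same results as entering a value of 2. This is the default value.` in row 7.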
+++ b/windows/configuration/wcd/wcd-start.md @@ -1,16 +1,8 @@ --- -title: Start (Windows 10) +title: Start description: This section describes the Start settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # Start (Windows Configuration Designer reference) @@ -19,9 +11,9 @@ Use Start settings to apply a customized Start screen to devices. ## Applies to -| Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| StartLayout | ✔️ | | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| StartLayout | ✅ | | | | >[!IMPORTANT] >The StartLayout setting is available in the advanced provisioning for Windows 10, but shouldn't be used. For Windows client, use [Policies > StartLayout](wcd-policies.md#start). @@ -29,4 +21,3 @@ Use Start settings to apply a customized Start screen to devices. ## StartLayout Use StartLayout to select the `LayoutModification.xml` file that applies a customized Start screen. - diff --git a/windows/configuration/wcd/wcd-startupapp.md b/windows/configuration/wcd/wcd-startupapp.md index 55c8fcc8f3..7f4c1c4709 100644 --- a/windows/configuration/wcd/wcd-startupapp.md +++ b/windows/configuration/wcd/wcd-startupapp.md 
@@ -1,16 +1,8 @@ --- -title: StartupApp (Windows 10) +title: StartupApp description: This section describes the StartupApp settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # StartupApp (Windows Configuration Designer reference) @@ -20,7 +12,7 @@ Use StartupApp settings to configure the default app that will run on start for ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| Default | | | | ✔️ | +| --- | :---: | :---: | :---: | :---: | +| Default | | | | ✅ | Enter the [Application User Model ID (AUMID)](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the default app. diff --git a/windows/configuration/wcd/wcd-startupbackgroundtasks.md b/windows/configuration/wcd/wcd-startupbackgroundtasks.md index 6838b63730..95022798c2 100644 --- a/windows/configuration/wcd/wcd-startupbackgroundtasks.md +++ b/windows/configuration/wcd/wcd-startupbackgroundtasks.md @@ -1,16 +1,8 @@ --- -title: StartupBackgroundTasks (Windows 10) +title: StartupBackgroundTasks description: This section describes the StartupBackgroundTasks settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # StartupBackgroundTasks (Windows Configuration Designer reference) 
@@ -21,5 +13,4 @@ Documentation not available at this time. | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| All settings | | | | ✔️ | - +| All settings | | | | ✅ | diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md index 397c14a4f5..7daa17c986 100644 --- a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md +++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md @@ -1,15 +1,8 @@ --- -title: StorageD3InModernStandby (Windows 10) +title: StorageD3InModernStandby description: This section describes the StorageD3InModernStandby settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # StorageD3InModernStandby (Windows Configuration Designer reference) @@ -24,5 +17,5 @@ Use **StorageD3InModernStandby** to enable or disable low-power state (D3) durin ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | | ✔️ | +| --- | :---: | :---: | :---: | :---: | +| All settings | ✅ | ✅ | | ✅ | diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md index cd0bdc4208..7a8db5a247 100644 --- a/windows/configuration/wcd/wcd-surfacehubmanagement.md +++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md 
@@ -1,16 +1,8 @@ --- -title: SurfaceHubManagement (Windows 10) +title: SurfaceHubManagement description: This section describes the SurfaceHubManagement settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # SurfaceHubManagement (Windows Configuration Designer reference) @@ -20,14 +12,11 @@ Use SurfaceHubManagement settings to set the administrator group that will manag >[!IMPORTANT] >These settings should be used only in provisioning packages that are applied during OOBE. - - ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| All settings | | ✔️ | | | - +| --- | :---: | :---: | :---: | :---: | +| All settings | | ✅ | | | ## GroupName diff --git a/windows/configuration/wcd/wcd-tabletmode.md b/windows/configuration/wcd/wcd-tabletmode.md index 9934c78fd0..04aeb1232a 100644 --- a/windows/configuration/wcd/wcd-tabletmode.md +++ b/windows/configuration/wcd/wcd-tabletmode.md @@ -1,16 +1,8 @@ --- -title: TabletMode (Windows 10) +title: TabletMode description: This section describes the TabletMode settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # TabletMode (Windows Configuration Designer reference) 
@@ -21,11 +13,11 @@ Use TabletMode to configure settings related to tablet mode. | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | ✔️ | | | +| All settings | ✅ | ✅ | | | ## ConvertibleSlateModePromptPreference -Set the default for hardware-based prompts. +Set the default for hardware-based prompts. ## SignInMode diff --git a/windows/configuration/wcd/wcd-takeatest.md b/windows/configuration/wcd/wcd-takeatest.md index d5071fb0e0..79a7405207 100644 --- a/windows/configuration/wcd/wcd-takeatest.md +++ b/windows/configuration/wcd/wcd-takeatest.md @@ -1,16 +1,8 @@ --- -title: TakeATest (Windows 10) +title: TakeATest description: This section describes the TakeATest settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 09/06/2017 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # TakeATest (Windows Configuration Designer reference) @@ -21,7 +13,7 @@ Use TakeATest to configure the Take A Test app, a secure browser for test-taking | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | | +| All settings | ✅ | | | | ## AllowScreenMonitoring diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md index 1bb981193e..39bb291ce0 100644 --- a/windows/configuration/wcd/wcd-time.md +++ b/windows/configuration/wcd/wcd-time.md 
@@ -1,26 +1,19 @@ --- -title: Time (Windows 10) +title: Time description: This section describes the Time settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz -manager: aaroncz ms.topic: reference -ms.collection: must-keep -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # Time -Use **Time** to configure settings for time zone setup for Windows 10, version (TBD) and later. +Use **Time** to configure settings for time zone setup for Windows 10, version (TBD) and later. ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| [ProvisionSetTimeZone](#provisionsettimezone) | ✔️ | | | | +| [ProvisionSetTimeZone](#provisionsettimezone) | ✅ | | | | ## ProvisionSetTimeZone @@ -33,6 +26,3 @@ Set to **False** for time zone assignment to occur when the first user signs in. >[!NOTE] >Do not set **Time > ProvisionSetTimeZone** to **False** and also set a time zone in **Policies > TimeLanguageSettings > ConfigureTimeZone**. - - - diff --git a/windows/configuration/wcd/wcd-unifiedwritefilter.md b/windows/configuration/wcd/wcd-unifiedwritefilter.md index 2c03844e3f..a7aea5e4ed 100644 --- a/windows/configuration/wcd/wcd-unifiedwritefilter.md +++ b/windows/configuration/wcd/wcd-unifiedwritefilter.md 
@@ -1,21 +1,12 @@ --- -title: UnifiedWriteFilter (Windows 10) +title: UnifiedWriteFilter description: This section describes the UnifiedWriteFilter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # UnifiedWriteFilter (reference) - Use UnifiedWriteFilter to configure settings for the Unified Write Filter (UWF). It helps protect your physical storage media, including most standard writable storage types that are supported by the OS, such as: - Physical hard disks @@ -34,16 +25,15 @@ UWF intercepts all write attempts to a protected volume and redirects these writ The overlay doesn't mirror the entire volume. It dynamically grows to keep track of redirected writes. Generally, the overlay is stored in system memory. You can cache a portion of the overlay on a physical volume. >[!NOTE] ->UWF fully supports the NTFS system; however, during device startup, NTFS file system journal files can write to a protected volume before UWF has loaded and started protecting the volume. +>UWF fully supports the NTFS system; however, during device startup, NTFS file system journal files can write to a protected volume before UWF has loaded and started protecting the volume. [Learn more about the Unified Write Filter feature.](/windows-hardware/customize/enterprise/unified-write-filter) - ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | -| All settings | ✔️ | | | ✔️ | +| All settings | ✅ | | | ✅ | ## FilterEnabled 
@@ -51,7 +41,7 @@ Set to **True** to enable UWF. ## OverlayFlags -OverlayFlags specifies whether to allow writes to unused space on the volume to pass through, and not redirect to the overlay file. Enabling this setting helps conserve space on the overlay file. +OverlayFlags specifies whether to allow writes to unused space on the volume to pass through, and not redirect to the overlay file. Enabling this setting helps conserve space on the overlay file. - Value `0` (default value when [OverlayType](#overlaytype) isn't **Disk**): writes are redirected to the overlay file - Value `1`(default value when [OverlayType](#overlaytype) is **Disk**): writes to unused space on the volume are allowed to pass through without being redirected to the overlay file. @@ -65,7 +55,7 @@ Enter the maximum overlay size, in megabytes (MB), for the UWF overlay. The mini ## OverlayType -OverlayType specifies where the overlay is stored. Select between **RAM** (default) and **Disk** (pre-allocated file on the system volume). +OverlayType specifies where the overlay is stored. Select between **RAM** (default) and **Disk** (pre-allocated file on the system volume). ## RegistryExclusions @@ -81,7 +71,7 @@ Set to **True** to reset UWF settings to the original state that was captured at ## Volumes -Enter a drive letter for a volume to be protected by UWF. +Enter a drive letter for a volume to be protected by UWF. >[!NOTE] >In the current OS release, Windows Configuration Designer contains a validation bug. To work around this issue, you must include a ":" after the drive letter when specifying the value for the setting. For example, if you are specifying the C drive, you must set DriveLetter to "C:" instead of just "C". diff --git a/windows/configuration/wcd/wcd-universalappinstall.md b/windows/configuration/wcd/wcd-universalappinstall.md index 2e3a68fe9f..2afe56cfb4 100644 --- a/windows/configuration/wcd/wcd-universalappinstall.md +++ b/windows/configuration/wcd/wcd-universalappinstall.md 
@@ -1,35 +1,26 @@ --- -title: UniversalAppInstall (Windows 10) +title: UniversalAppInstall description: This section describes the UniversalAppInstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # UniversalAppInstall (reference) - -Use UniversalAppInstall settings to install Windows apps from the Microsoft Store or a hosted location. +Use UniversalAppInstall settings to install Windows apps from the Microsoft Store or a hosted location. >[!NOTE] >You can only use the Windows provisioning settings and provisioning packages for apps where you have the available installation files, namely with sideloaded apps that have an offline license. [Learn more about offline app distribution.](/microsoft-store/distribute-offline-apps) ## Applies to -| Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [DeviceContextApp](#devicecontextapp) | ✔️ | ✔️ | | | -| [DeviceContextAppLicense](#devicecontextapplicense) | ✔️ | ✔️ | | | -| [StoreInstall](#storeinstall) | ✔️ | ✔️ | | ✔️ | -| [UserContextApp](#usercontextapp) | ✔️ | ✔️ | | ✔️ | -| [UserContextAppLicense](#usercontextapplicense) | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| [DeviceContextApp](#devicecontextapp) | ✅ | ✅ | | | +| [DeviceContextAppLicense](#devicecontextapplicense) | ✅ | ✅ | | | +| [StoreInstall](#storeinstall) | ✅ | ✅ | | ✅ | +| [UserContextApp](#usercontextapp) | ✅ | ✅ | | ✅ | +| [UserContextAppLicense](#usercontextapplicense) | ✅ | ✅ | | ✅ | ## DeviceContextApp 
@@ -41,56 +32,52 @@ Enter an app package family name to install an app for all device users. You can For each app that you add to the package, configure the settings in the following table. | Setting | Value | Description | -| --- | --- | --- | -| ApplicationFile | `.appx` or `.appxbundle` | Set the value to the app file that you want to install on the device. Also enable the [AllowAllTrustedApps setting](wcd-policies.md#applicationmanagement) and add a root certificate or license file. | -| DependencyAppxFiles | Any required frameworks | In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. | -| DeploymentOptions | - None
-Force application shutdown: If this package, or any package that depends on this package is currently in use, then the processes associated with the package are forcibly shut down. The registration can continue.
- Development mode: Don't use.
- Install all resources: When you set this option, the app is instructed to skip resource applicability checks.
- Force target application shutdown: If this package is currently in use, the processes associated with the package are shut down forcibly so that registration can continue | Select a deployment option. | -| LaunchAppAtLogin | - Don't launch app
- Launch app | Set the value for app behavior when a user signs in. | -| OptionalPackageFiles | Additional files required by the package | Browse to, select, and add the optional package files. | +|--|--|--| +| ApplicationFile | `.appx` or `.appxbundle` | Set the value to the app file that you want to install on the device. Also enable the [AllowAllTrustedApps setting](wcd-policies.md#applicationmanagement) and add a root certificate or license file. | +| DependencyAppxFiles | Any required frameworks | In Microsoft Store for Business, any dependencies for the app are listed in the **Required frameworks** section of the download page. | +| DeploymentOptions | - None
-Force application shutdown: If this package, or any package that depends on this package is currently in use, then the processes associated with the package are forcibly shut down. The registration can continue.
- Development mode: Don't use.
- Install all resources: When you set this option, the app is instructed to skip resource applicability checks.
- Force target application shutdown: If this package is currently in use, the processes associated with the package are shut down forcibly so that registration can continue | Select a deployment option. | +| LaunchAppAtLogin | - Don't launch app
- Launch app | Set the value for app behavior when a user signs in. | +| OptionalPackageFiles | Additional files required by the package | Browse to, select, and add the optional package files. | For more information on deployment options, see [DeploymentOptions Enum](/uwp/api/windows.management.deployment.deploymentoptions). ## DeviceContextAppLicense -Use to specify the license file for the provisioned app. +Use to specify the license file for the provisioned app. 1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. For example, enter `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and select **Add**. - -2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file. - +1. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file. ## StoreInstall Use to install an app from the Microsoft Store for Business. 1. Enter a package family name, and then select **Add**. -2. Configure the following required settings for the app package. +1. Configure the following required settings for the app package. -Setting | Description ---- | --- -Flags | Description not available at this time. -ProductID | Enter the product ID. [Learn how to find the product ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services) -SkuID | Enter the SKU ID. [Learn how to find the SKU ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services) +| Setting | Description | +|--|--| +| Flags | Description not available at this time. | +| ProductID | Enter the product ID. [Learn how to find the product ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services) | +| SkuID | Enter the SKU ID. 
[Learn how to find the SKU ID.](/microsoft-store/microsoft-store-for-business-education-powershell-module#view-items-in-products-and-services) | ## UserContextApp Use to add a new user context app. 1. Specify a **PackageFamilyName** for the app, and then select **Add**. -2. Select the PackageFamilyName in the Available Customizations pane, and then configure the following settings. - -Setting | Value | Description ---- | --- | --- -ApplicationFile | App file | Browse to, select, and add the application file, -DependencyAppxFiles | Additional files required by the app | Browse to, select, and add dependency files. -DeploymentOptions | - None

- Force application shutdown

- Development mode

- Install all resources

- Force target application shutdown | Select a deployment option. -LaunchAppAtLogin | - Don't launch app

- Launch app | Select whether the app should be started when a user signs in. +1. Select the PackageFamilyName in the Available Customizations pane, and then configure the following settings. +| Setting | Value | Description | +|--|--|--| +| ApplicationFile | App file | Browse to, select, and add the application file, | +| DependencyAppxFiles | Additional files required by the app | Browse to, select, and add dependency files. | +| DeploymentOptions | - None

- Force application shutdown

- Development mode

- Install all resources

- Force target application shutdown | Select a deployment option. | +| LaunchAppAtLogin | - Don't launch app

- Launch app | Select whether the app should be started when a user signs in. | ## UserContextAppLicense -Use to specify the license file for the user context app. +Use to specify the license file for the user context app. 1. Specify a **LicenseProductId** for the app. You can find the license ID in the root header of the license file. For example, enter `LicenseID="aaaaaaaa-dddd-8848-f8d0-7d6a93dfcccc"`. Enter it in the LicenseProductId field, and select **Add**. - -2. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file. +1. Select the LicenseProductId in the Available Customizations pane, and then browse to and select the app license file. diff --git a/windows/configuration/wcd/wcd-universalappuninstall.md b/windows/configuration/wcd/wcd-universalappuninstall.md index 5889dc2d7e..1d4aec5200 100644 --- a/windows/configuration/wcd/wcd-universalappuninstall.md +++ b/windows/configuration/wcd/wcd-universalappuninstall.md 
@@ -1,43 +1,33 @@ --- -title: UniversalAppUninstall (Windows 10) +title: UniversalAppUninstall description: This section describes the UniversalAppUninstall settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # UniversalAppUninstall (reference) - Use UniversalAppUninstall settings to uninstall or remove Windows apps. - ## Applies to -| Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [RemoveProvisionedApp](#removeprovisionedapp) | ✔️ | | | | -| [Uninstall](#uninstall) | ✔️ | ✔️ | | ✔️ | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| [RemoveProvisionedApp](#removeprovisionedapp) | ✅ | | | | +| [Uninstall](#uninstall) | ✅ | ✅ | | ✅ | ## RemoveProvisionedApp -Universal apps can be *provisioned*. Provisioned means that they're available on the device for installation in user context. When a user runs the provisioned app, the app is then installed for that user. +Universal apps can be *provisioned*. Provisioned means that they're available on the device for installation in user context. When a user runs the provisioned app, the app is then installed for that user. Use **RemoveProvisionedApp** to remove app packages that are available on the device. Any instances of the app that have already been installed by a user aren't uninstalled. To uninstall provisioned apps that have been installed by a user, use the [Uninstall](#uninstall) setting. 1. Enter the PackageFamilyName for the app package, and then select **Add**. -2. Select the PackageFamilyName in the Available Customizations pane, and then select **RemoveProvisionedApp**. +1. 
Select the PackageFamilyName in the Available Customizations pane, and then select **RemoveProvisionedApp**. ## Uninstall Use **Uninstall** to remove provisioned apps that have been installed by a user. 1. Enter the PackageFamilyName for the app package, and then select **Add**. -2. Select the PackageFamilyName in the Available Customizations pane, and then select **Uninstall**. +1. Select the PackageFamilyName in the Available Customizations pane, and then select **Uninstall**. diff --git a/windows/configuration/wcd/wcd-usberrorsoemoverride.md b/windows/configuration/wcd/wcd-usberrorsoemoverride.md index 9869da77b4..ac5ff4d4ee 100644 --- a/windows/configuration/wcd/wcd-usberrorsoemoverride.md +++ b/windows/configuration/wcd/wcd-usberrorsoemoverride.md @@ -1,29 +1,19 @@ --- -title: UsbErrorsOEMOverride (Windows 10) +title: UsbErrorsOEMOverride description: This section describes the UsbErrorsOEMOverride settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # UsbErrorsOEMOverride (reference) - -Allows an OEM to hide the USB option UI in Settings and all USB device errors. - +Allows an OEM to hide the USB option UI in Settings and all USB device errors. ## Applies to -| Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✔️ | ✔️ | ✔️ | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| [HideUsbErrorNotifyOptionUI](#hideusberrornotifyoptionui) | ✅ | ✅ | ✅ | | ## HideUsbErrorNotifyOptionUI 
diff --git a/windows/configuration/wcd/wcd-weakcharger.md b/windows/configuration/wcd/wcd-weakcharger.md index 211d170ce0..b9f60ef6bb 100644 --- a/windows/configuration/wcd/wcd-weakcharger.md +++ b/windows/configuration/wcd/wcd-weakcharger.md @@ -1,35 +1,24 @@ --- -title: WeakCharger (Windows 10) +title: WeakCharger description: This section describes the WeakCharger settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # WeakCharger (reference) - Use WeakCharger settings to configure the charger notification UI. - ## Applies to -| Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✔️ | ✔️ | | | -| [NotifyOnWeakCharger](#notifyonweakcharger) | ✔️ | ✔️ | | | - +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| [HideWeakChargerNotifyOptionUI](#hideweakchargernotifyoptionui) | ✅ | ✅ | | | +| [NotifyOnWeakCharger](#notifyonweakcharger) | ✅ | ✅ | | | ## HideWeakChargerNotifyOptionUI -This setting determines whether the user sees the dialog that's displayed when the user connects the device to an incompatible charging source. By default, the OS shows the weak charger notification option UI. +This setting determines whether the user sees the dialog that's displayed when the user connects the device to an incompatible charging source. By default, the OS shows the weak charger notification option UI. Select between **Show Weak Charger Notifications UI** and **Hide Weak Charger Notifications UI**. 
@@ -40,10 +29,9 @@ This setting shows a warning when the user connects the device to an incompatibl An incompatible charging source is one that doesn't behave like one of the following port types: - Charging downstream port -- Standard downstream port +- Standard downstream port - Dedicated charging port The port types are defined by the USB Battery Charging Specification, Revision 1.2, available at `USB.org`. Select between **Disable Weak Charger Notifications UI** and **Enable Weak Charger Notifications UI**. - diff --git a/windows/configuration/wcd/wcd-windowshelloforbusiness.md b/windows/configuration/wcd/wcd-windowshelloforbusiness.md index f69695122b..d4daca497d 100644 --- a/windows/configuration/wcd/wcd-windowshelloforbusiness.md +++ b/windows/configuration/wcd/wcd-windowshelloforbusiness.md @@ -1,28 +1,19 @@ --- -title: WindowsHelloForBusiness (Windows 10) +title: WindowsHelloForBusiness description: This section describes the Windows Hello for Business settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # WindowsHelloForBusiness (Windows Configuration Designer reference) - Use WindowsHelloForBusiness settings to specify whether [FIDO2 security keys for Windows Hello](https://blogs.windows.com/business/2018/04/17/windows-hello-fido2-security-keys/) can be used to sign in to a Windows device configured for [Shared PC mode](wcd-sharedpc.md). ## Applies to | Setting groups | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [SecurityKeys](#securitykeys) | ✔️ | | | | +| --- | :---: | :---: | :---: | :---: | +| [SecurityKeys](#securitykeys) | ✅ | | | | ## SecurityKeys 
diff --git a/windows/configuration/wcd/wcd-windowsteamsettings.md b/windows/configuration/wcd/wcd-windowsteamsettings.md index f2ae2c2447..2615a85f97 100644 --- a/windows/configuration/wcd/wcd-windowsteamsettings.md +++ b/windows/configuration/wcd/wcd-windowsteamsettings.md @@ -1,36 +1,26 @@ --- -title: WindowsTeamSettings (Windows 10) +title: WindowsTeamSettings description: This section describes the WindowsTeamSettings settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # WindowsTeamSettings (reference) - Use WindowsTeamSettings settings to configure Surface Hub. - ## Applies to -| Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| All settings | | ✔️ | | | +| Setting | Windows client | Surface Hub | HoloLens | IoT Core | +|--|:-:|:-:|:-:|:-:| +| All settings | | ✅ | | | ## Connect | Setting | Value | Description | | --- | --- | --- | | AutoLaunch | True or false | Open the Connect app automatically when someone projects. | -| Channel | - 1, 3, 4, 5, 6, 7, 8, 9, 10, 11 (works with all Miracast senders in all regions)
- 36, 40, 44, 48 (works with all 5ghz band Miracast senders in all regions)
- 149, 153, 157, 161, 165 (works with all 5ghz band Miracast senders in all regions except Japan) | Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. Integer specifying the channel. The default value is 255. Outside of regulatory concerns, if the channel is configured incorrectly, the driver won't boot. Or, it will broadcast on the wrong channel, which senders won't be looking for. | +| Channel | - 1, 3, 4, 5, 6, 7, 8, 9, 10, 11 (works with all Miracast senders in all regions)
- 36, 40, 44, 48 (works with all 5ghz band Miracast senders in all regions)
- 149, 153, 157, 161, 165 (works with all 5ghz band Miracast senders in all regions except Japan) | Wireless channel to use for Miracast operation. The supported channels are defined by the Wi-Fi Alliance Wi-Fi Direct specification. Integer specifying the channel. The default value is 251. Outside of regulatory concerns, if the channel is configured incorrectly, the driver won't boot. Or, it will broadcast on the wrong channel, which senders won't be looking for. | | Enabled | True or false | Enables wireless projection to the device. | | PINRequired | True or false | Requires presenters to enter a PIN to connect wirelessly to the device. | @@ -55,8 +45,6 @@ A device account is a Microsoft Exchange account that's connected with Skype for Use these settings to configure 802.1x wired authentication. For details, see [Enable 802.1x wired authentication](/surface-hub/enable-8021x-wired-authentication). - - ## FriendlyName Enter the name that users will see when they want to project wirelessly to the device. @@ -72,7 +60,7 @@ Maintenance hours are the period of time when automatic maintenance tasks are ru ## OMSAgent -Configures the Operations Management Suite workspace. +Configures the Operations Management Suite workspace. | Setting | Value | Description | | --- | --- | --- | diff --git a/windows/configuration/wcd/wcd-wlan.md b/windows/configuration/wcd/wcd-wlan.md index 6a2da109c1..6cfa3adaa3 100644 --- a/windows/configuration/wcd/wcd-wlan.md +++ b/windows/configuration/wcd/wcd-wlan.md 
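Review bot: The Channel row of the Connect table now reads `The default value is 251` where the removed line said 255, and nothing else in this hunk (front-matter cleanup, table-separator reformatting) accounts for a change of value. The same cell warns that a wrongly configured channel stops the driver from starting or makes it broadcast where senders aren't looking, so the default should be confirmed against the product before merging; if 255 is still correct, restore `The default value is 255.`. A similar unexplained edit appears in the crash-dump table hunk above the KeyboardFilter heading, whose start is outside this view: rows 4 and 7 now both say `same results as entering a value of 1` (previously 3 and 2). That no longer matches their own descriptions ("smallest amount of useful information", "only the kernel memory"), and it is worth correcting because the dump type determines how much memory content is written to disk.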
@@ -1,27 +1,16 @@ --- -title: WLAN (Windows 10) -ms.reviewer: -manager: aaroncz +title: WLAN description: This section describes the WLAN settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # WLAN (reference) - Do not use at this time. Instead, use [ConnectivityProfiles > WLAN](wcd-connectivityprofiles.md#wlan) - ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | | --- | :---: | :---: | :---: | :---: | | All settings | | | | | - diff --git a/windows/configuration/wcd/wcd-workplace.md b/windows/configuration/wcd/wcd-workplace.md index 8e21def9dd..8f7a6dcdac 100644 --- a/windows/configuration/wcd/wcd-workplace.md +++ b/windows/configuration/wcd/wcd-workplace.md 
@@ -1,28 +1,19 @@ --- -title: Workplace (Windows 10) +title: Workplace description: This section describes the Workplace settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.date: 04/30/2018 -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure +ms.date: 01/25/2024 --- # Workplace (reference) - Use Workplace settings to configure bulk user enrollment to a mobile device management (MDM) service. For more information, see [Bulk enrollment step-by-step](/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool). ## Applies to | Setting | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [Enrollments](#enrollments) | ✔️ | ✔️ | | ✔️ | +| --- | :---: | :---: | :---: | :---: | +| [Enrollments](#enrollments) | ✅ | ✅ | | ✅ | ## Enrollments @@ -36,6 +27,3 @@ Select **Enrollments**, enter a UPN, and then select **Add** to configure the se | PolicyServiceFullUrl | URL | The full URL for the policy service | | Secret | - Password string for on-premises authentication enrollment
- Federated security token for federated enrollment
- Certificate thumb print for certificate-based enrollment | Enter the appropriate value for the selected AuthPolicy. | -## Related articles - -- [Provisioning configuration service provider (CSP)](/windows/client-management/mdm/provisioning-csp) diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md index 3fe32ffa9b..3cbabeba2c 100644 --- a/windows/configuration/wcd/wcd.md +++ b/windows/configuration/wcd/wcd.md 
@@ -1,76 +1,67 @@ --- -title: Windows Configuration Designer provisioning settings (Windows 10) +title: Windows Configuration Designer provisioning settings description: This section describes the settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer. -ms.prod: windows-client -author: aczechowski -ms.localizationpriority: medium -ms.author: aaroncz ms.topic: reference -ms.collection: must-keep -ms.reviewer: -manager: aaroncz -ms.technology: itpro-configure -ms.date: 12/31/2017 +ms.date: 01/25/2024 --- # Windows Configuration Designer provisioning settings (reference) -This section describes the settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer. +This section describes the settings that you can configure in [provisioning packages](../provisioning-packages/provisioning-packages.md) for Windows 10 using Windows Configuration Designer. 
## Edition that each group of settings applies to | Setting group | Windows client | Surface Hub | HoloLens | IoT Core | -| --- | :---: | :---: | :---: | :---: | -| [AccountManagement](wcd-accountmanagement.md) | | | ✔️ | | -| [Accounts](wcd-accounts.md) | ✔️ | ✔️ | ✔️ | ✔️ | -| [ADMXIngestion](wcd-admxingestion.md) | ✔️ | | | | -| [AssignedAccess](wcd-assignedaccess.md) | ✔️ | | ✔️ | | -| [Browser](wcd-browser.md) | ✔️ | ✔️ | | | -| [CellCore](wcd-cellcore.md) | ✔️ | | | | -| [Cellular](wcd-cellular.md) | ✔️ | | | | -| [Certificates](wcd-certificates.md) | ✔️ | ✔️ | ✔️ | ✔️ | -| [CleanPC](wcd-cleanpc.md) | ✔️ | | | | -| [Connections](wcd-connections.md) | ✔️ | ✔️ | | | -| [ConnectivityProfiles](wcd-connectivityprofiles.md) | ✔️ | ✔️ | ✔️ | | -| [CountryAndRegion](wcd-countryandregion.md) | ✔️ | ✔️ | | | -| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | ✔️ | | | | -| [DeveloperSetup](wcd-developersetup.md) | | | ✔️ | | -| [DeviceFormFactor](wcd-deviceformfactor.md) | ✔️ | ✔️ | | | -| [DeviceManagement](wcd-devicemanagement.md) | ✔️ | ✔️ | ✔️ | | -| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | ✔️ | | | | -| [DMClient](wcd-dmclient.md) | ✔️ | ✔️ | | ✔️ | -| [EditionUpgrade](wcd-editionupgrade.md) | ✔️ | | ✔️ | | +| --- | :---: | :---: | :---: | :---: | +| [AccountManagement](wcd-accountmanagement.md) | | | ✅ | | +| [Accounts](wcd-accounts.md) | ✅ | ✅ | ✅ | ✅ | +| [ADMXIngestion](wcd-admxingestion.md) | ✅ | | | | +| [AssignedAccess](wcd-assignedaccess.md) | ✅ | | ✅ | | +| [Browser](wcd-browser.md) | ✅ | ✅ | | | +| [CellCore](wcd-cellcore.md) | ✅ | | | | +| [Cellular](wcd-cellular.md) | ✅ | | | | +| [Certificates](wcd-certificates.md) | ✅ | ✅ | ✅ | ✅ | +| [CleanPC](wcd-cleanpc.md) | ✅ | | | | +| [Connections](wcd-connections.md) | ✅ | ✅ | | | +| [ConnectivityProfiles](wcd-connectivityprofiles.md) | ✅ | ✅ | ✅ | | +| [CountryAndRegion](wcd-countryandregion.md) | ✅ | ✅ | | | +| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | ✅ | | 
| | +| [DeveloperSetup](wcd-developersetup.md) | | | ✅ | | +| [DeviceFormFactor](wcd-deviceformfactor.md) | ✅ | ✅ | | | +| [DeviceManagement](wcd-devicemanagement.md) | ✅ | ✅ | ✅ | | +| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | ✅ | | | | +| [DMClient](wcd-dmclient.md) | ✅ | ✅ | | ✅ | +| [EditionUpgrade](wcd-editionupgrade.md) | ✅ | | ✅ | | | [EmbeddedLockdownProfiles](https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5) | | | | | -| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | ✔️ | -| [FirstExperience](wcd-firstexperience.md) | | | ✔️ | | -| [Folders](wcd-folders.md) |✔️ | ✔️ | | | -| [KioskBrowser](wcd-kioskbrowser.md) | | | | ✔️ | -| [Licensing](wcd-licensing.md) | ✔️ | | | | -| [Location](wcd-location.md) | | | | ✔️ | -| [Maps](wcd-maps.md) |✔️ | ✔️ | | | -| [NetworkProxy](wcd-networkproxy.md) | | ✔️ | | | -| [NetworkQOSPolicy](wcd-networkqospolicy.md) | | ✔️ | | | -| [OOBE](wcd-oobe.md) | ✔️ | | | | -| [Personalization](wcd-personalization.md) | ✔️ | | | | -| [Policies](wcd-policies.md) | ✔️ | ✔️ | ✔️ | ✔️ | -| [Privacy](wcd-folders.md) |✔️ | ✔️ | | ✔️ | -| [ProvisioningCommands](wcd-provisioningcommands.md) | ✔️ | | | | -| [SharedPC](wcd-sharedpc.md) | ✔️ | | | | -| [SMISettings](wcd-smisettings.md) | ✔️ | | | | -| [Start](wcd-start.md) | ✔️ | | | | -| [StartupApp](wcd-startupapp.md) | | | | ✔️ | -| [StartupBackgroundTasks](wcd-startupbackgroundtasks.md) | | | | ✔️ | -| [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) |✔️ | ✔️ | | ✔️ | -| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | ✔️ | | | -| [TabletMode](wcd-tabletmode.md) |✔️ | ✔️ | | | -| [TakeATest](wcd-takeatest.md) | ✔️ | | | | -| [Time](wcd-time.md) | ✔️ | | | | -| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | ✔️ | | | ✔️ | -| [UniversalAppInstall](wcd-universalappinstall.md) | ✔️ | ✔️ | | ✔️ | -| [UniversalAppUninstall](wcd-universalappuninstall.md) | ✔️ | ✔️ | | ✔️ | -| 
[UsbErrorsOEMOverride](wcd-usberrorsoemoverride.md) | ✔️ | ✔️ | | | -| [WeakCharger](wcd-weakcharger.md) |✔️ | ✔️ | | | -| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | ✔️ | | | | -| [WindowsTeamSettings](wcd-windowsteamsettings.md) | | ✔️ | | | -| [Workplace](wcd-workplace.md) |✔️ | ✔️ | | ✔️ | - +| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | ✅ | +| [FirstExperience](wcd-firstexperience.md) | | | ✅ | | +| [Folders](wcd-folders.md) |✅ | ✅ | | | +| [KioskBrowser](wcd-kioskbrowser.md) | | | | ✅ | +| [Licensing](wcd-licensing.md) | ✅ | | | | +| [Location](wcd-location.md) | | | | ✅ | +| [Maps](wcd-maps.md) |✅ | ✅ | | | +| [NetworkProxy](wcd-networkproxy.md) | | ✅ | | | +| [NetworkQOSPolicy](wcd-networkqospolicy.md) | | ✅ | | | +| [OOBE](wcd-oobe.md) | ✅ | | | | +| [Personalization](wcd-personalization.md) | ✅ | | | | +| [Policies](wcd-policies.md) | ✅ | ✅ | ✅ | ✅ | +| [Privacy](wcd-folders.md) |✅ | ✅ | | ✅ | +| [ProvisioningCommands](wcd-provisioningcommands.md) | ✅ | | | | +| [SharedPC](wcd-sharedpc.md) | ✅ | | | | +| [SMISettings](wcd-smisettings.md) | ✅ | | | | +| [Start](wcd-start.md) | ✅ | | | | +| [StartupApp](wcd-startupapp.md) | | | | ✅ | +| [StartupBackgroundTasks](wcd-startupbackgroundtasks.md) | | | | ✅ | +| [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) |✅ | ✅ | | ✅ | +| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | ✅ | | | +| [TabletMode](wcd-tabletmode.md) |✅ | ✅ | | | +| [TakeATest](wcd-takeatest.md) | ✅ | | | | +| [Time](wcd-time.md) | ✅ | | | | +| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | ✅ | | | ✅ | +| [UniversalAppInstall](wcd-universalappinstall.md) | ✅ | ✅ | | ✅ | +| [UniversalAppUninstall](wcd-universalappuninstall.md) | ✅ | ✅ | | ✅ | +| [UsbErrorsOEMOverride](wcd-usberrorsoemoverride.md) | ✅ | ✅ | | | +| [WeakCharger](wcd-weakcharger.md) |✅ | ✅ | | | +| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | ✅ | | | | +| [WindowsTeamSettings](wcd-windowsteamsettings.md) | | ✅ | | 
|
+| [Workplace](wcd-workplace.md) |✅ | ✅ | | ✅ |
diff --git a/windows/deployment/images/ISE.PNG b/windows/deployment/images/ISE.png
similarity index 100%
rename from windows/deployment/images/ISE.PNG
rename to windows/deployment/images/ISE.png
diff --git a/windows/deployment/images/configmgr-client.PNG b/windows/deployment/images/configmgr-client.png
similarity index 100%
rename from windows/deployment/images/configmgr-client.PNG
rename to windows/deployment/images/configmgr-client.png
diff --git a/windows/deployment/images/configmgr-collection.PNG b/windows/deployment/images/configmgr-collection.png
similarity index 100%
rename from windows/deployment/images/configmgr-collection.PNG
rename to windows/deployment/images/configmgr-collection.png
diff --git a/windows/deployment/images/configmgr-install-os.PNG b/windows/deployment/images/configmgr-install-os.png
similarity index 100%
rename from windows/deployment/images/configmgr-install-os.PNG
rename to windows/deployment/images/configmgr-install-os.png
diff --git a/windows/deployment/images/configmgr-post-refresh.PNG b/windows/deployment/images/configmgr-post-refresh.png
similarity index 100%
rename from windows/deployment/images/configmgr-post-refresh.PNG
rename to windows/deployment/images/configmgr-post-refresh.png
diff --git a/windows/deployment/images/configmgr-pxe.PNG b/windows/deployment/images/configmgr-pxe.png
similarity index 100%
rename from windows/deployment/images/configmgr-pxe.PNG
rename to windows/deployment/images/configmgr-pxe.png
diff --git a/windows/deployment/images/configmgr-site.PNG b/windows/deployment/images/configmgr-site.png
similarity index 100%
rename from windows/deployment/images/configmgr-site.PNG
rename to windows/deployment/images/configmgr-site.png
diff --git a/windows/deployment/images/configmgr-software-cntr.PNG b/windows/deployment/images/configmgr-software-cntr.png
similarity index 100%
rename from windows/deployment/images/configmgr-software-cntr.PNG
rename to windows/deployment/images/configmgr-software-cntr.png
diff --git a/windows/deployment/images/deploy-finish.PNG b/windows/deployment/images/deploy-finish.png
similarity index 100%
rename from windows/deployment/images/deploy-finish.PNG
rename to windows/deployment/images/deploy-finish.png
diff --git a/windows/deployment/images/disk2vhd-gen2.PNG b/windows/deployment/images/disk2vhd-gen2.png
similarity index 100%
rename from windows/deployment/images/disk2vhd-gen2.PNG
rename to windows/deployment/images/disk2vhd-gen2.png
diff --git a/windows/deployment/images/disk2vhd.PNG b/windows/deployment/images/disk2vhd.png
similarity index 100%
rename from windows/deployment/images/disk2vhd.PNG
rename to windows/deployment/images/disk2vhd.png
diff --git a/windows/deployment/images/disk2vhd4.PNG b/windows/deployment/images/disk2vhd4.png
similarity index 100%
rename from windows/deployment/images/disk2vhd4.PNG
rename to windows/deployment/images/disk2vhd4.png
diff --git a/windows/deployment/images/event.PNG b/windows/deployment/images/event.png
similarity index 100%
rename from windows/deployment/images/event.PNG
rename to windows/deployment/images/event.png
diff --git a/windows/deployment/images/feedback.PNG b/windows/deployment/images/feedback.png
similarity index 100%
rename from windows/deployment/images/feedback.PNG
rename to windows/deployment/images/feedback.png
diff --git a/windows/deployment/images/image.PNG b/windows/deployment/images/image.png
similarity index 100%
rename from windows/deployment/images/image.PNG
rename to windows/deployment/images/image.png
diff --git a/windows/deployment/images/monitor-pc0001.PNG b/windows/deployment/images/monitor-pc0001.png
similarity index 100%
rename from windows/deployment/images/monitor-pc0001.PNG
rename to windows/deployment/images/monitor-pc0001.png
diff --git a/windows/deployment/images/smodeconfig.PNG b/windows/deployment/images/smodeconfig.png
similarity index 100%
rename from windows/deployment/images/smodeconfig.PNG
rename to windows/deployment/images/smodeconfig.png
diff --git a/windows/deployment/update/images/waas-active-hours-policy.PNG b/windows/deployment/update/images/waas-active-hours-policy.png
similarity index 100%
rename from windows/deployment/update/images/waas-active-hours-policy.PNG
rename to windows/deployment/update/images/waas-active-hours-policy.png
diff --git a/windows/deployment/update/images/waas-active-hours.PNG b/windows/deployment/update/images/waas-active-hours.png
similarity index 100%
rename from windows/deployment/update/images/waas-active-hours.PNG
rename to windows/deployment/update/images/waas-active-hours.png
diff --git a/windows/security/operating-system-security/network-security/vpn/images/vpn-app-trigger.PNG b/windows/security/operating-system-security/network-security/vpn/images/vpn-app-trigger.png
similarity index 100%
rename from windows/security/operating-system-security/network-security/vpn/images/vpn-app-trigger.PNG
rename to windows/security/operating-system-security/network-security/vpn/images/vpn-app-trigger.png