diff --git a/windows/client-management/mdm/policy-csp-cloudpc.md b/windows/client-management/mdm/policy-csp-cloudpc.md
index 0c497a0c4e..dd52780e9a 100644
--- a/windows/client-management/mdm/policy-csp-cloudpc.md
+++ b/windows/client-management/mdm/policy-csp-cloudpc.md
@@ -4,7 +4,7 @@ description: Learn more about the CloudPC Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
-ms.date: 11/02/2022
+ms.date: 12/27/2022
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
@@ -26,7 +26,7 @@ ms.topic: reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows Insider Preview |
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
@@ -36,6 +36,7 @@ ms.topic: reference
+
This policy is used by IT admin to set the configuration mode of cloud PC.
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index e9849f6706..c13152ace1 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -1,224 +1,199 @@
---
-title: Policy CSP - Connectivity
-description: Learn how to use the Policy CSP - Connectivity setting to allow the user to enable Bluetooth or restrict access.
+title: Connectivity Policy CSP
+description: Learn more about the Connectivity Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
ms.author: vinpa
-ms.topic: article
+ms.date: 12/27/2022
+ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
-author: vinaypamnani-msft
-ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer:
-manager: aaroncz
+ms.topic: reference
---
+
+
+
# Policy CSP - Connectivity
->[!TIP]
-> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
+> [!TIP]
+> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
-> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
+> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+
+
-
+
+## AllowBluetooth
-
-## Connectivity policies
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later |
+
-
- -
- Connectivity/AllowBluetooth
-
- -
- Connectivity/AllowCellularData
-
- -
- Connectivity/AllowCellularDataRoaming
-
- -
- Connectivity/AllowConnectedDevices
-
- -
- Connectivity/AllowPhonePCLinking
-
- -
- Connectivity/AllowUSBConnection
-
- -
- Connectivity/AllowVPNOverCellular
-
- -
- Connectivity/AllowVPNRoamingOverCellular
-
- -
- Connectivity/DisablePrintingOverHTTP
-
- -
- Connectivity/DisableDownloadingOfPrintDriversOverHTTP
-
- -
- Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
-
- -
- Connectivity/DisallowNetworkConnectivityActiveTests
-
- -
- Connectivity/HardenedUNCPaths
-
- -
- Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowBluetooth
+```
+
+
+
+Allows the user to enable Bluetooth or restrict access.
-
+**Note**: This value is not supported in Windows Phone 8. 1 MDM and EAS, Windows 10 for desktop, or Windows 10 Mobile. If this is not set or it is deleted, the default value of 2 (Allow) is used. Most restricted value is 0.
+
-
-**Connectivity/AllowBluetooth**
+
+
+
-
+
+**Description framework properties**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 2 |
+
+
+**Allowed values**:
-
-
+| Value | Description |
+|:--|:--|
+| 0 | Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user will not be able to turn Bluetooth on. |
+| 1 | Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on. |
+| 2 (Default) | Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on. |
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+
+
-> [!div class = "checklist"]
-> * Device
+
-
+
+## AllowCellularData
-
-
-This policy allows the user to enable Bluetooth or restrict access.
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
+
-> [!NOTE]
-> This value isn't supported in Windows 10.
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowCellularData
+```
+
-If this policy isn't set or is deleted, the default value of 2 (Allow) is used.
+
+
+Allows the cellular data channel on the device. Device reboot is not required to enforce the policy.
+
-Most restricted value is 0.
+
+
+
-
-
-The following list shows the supported values:
+
+**Description framework properties**:
-- 0 – Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be grayed out and the user won't be able to turn on Bluetooth.
-- 1 – Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
-- 2 (default) – Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn on Bluetooth.
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
-
-
+
+**Allowed values**:
-
+| Value | Description |
+|:--|:--|
+| 0 | Do not allow the cellular data channel. The user cannot turn it on. This value is not supported in Windows 10, version 1511. |
+| 1 (Default) | Allow the cellular data channel. The user can turn it off. |
+| 2 | Allow the cellular data channel. The user cannot turn it off. |
+
-
-**Connectivity/AllowCellularData**
+
+
+
-
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+## AllowCellularDataRoaming
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later |
+
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowCellularDataRoaming
+```
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+
+This policy setting prevents clients from connecting to Mobile Broadband networks when the client is registered on a roaming provider network.
-> [!div class = "checklist"]
-> * Device
+If this policy setting is enabled, all automatic and manual connection attempts to roaming provider networks are blocked until the client registers with the home provider network.
-
+If this policy setting is not configured or is disabled, clients are allowed to connect to roaming provider Mobile Broadband networks.
+
-
-
+
+
+
-This policy allows the cellular data channel on the device. Device reboot isn't required to enforce the policy.
+
+**Description framework properties**:
-
-
-The following list shows the supported values:
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
-- 0 – Don't allow the cellular data channel. The user can't turn it on. This value isn't supported in Windows 10, version 1511.
-- 1 (default) – Allow the cellular data channel. The user can turn it off.
-- 2 - Allow the cellular data channel. The user can't turn it off.
+
+**Allowed values**:
-
-
+| Value | Description |
+|:--|:--|
+| 0 | Do not allow cellular data roaming. The user cannot turn it on. This value is not supported in Windows 10, version 1511. |
+| 1 (Default) | Allow cellular data roaming. |
+| 2 | Allow cellular data roaming on. The user cannot turn it off. |
+
-
+
+**Group policy mapping**:
-
-**Connectivity/AllowCellularDataRoaming**
+| Name | Value |
+|:--|:--|
+| Name | WCM_DisableRoaming |
+| Friendly Name | Prohibit connection to roaming Mobile Broadband networks |
+| Location | Computer Configuration |
+| Path | Network > Windows Connection Manager |
+| Registry Key Name | Software\Policies\Microsoft\Windows\WcmSvc\GroupPolicy |
+| Registry Value Name | fBlockRoaming |
+| ADMX File Name | WCM.admx |
+
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-Allows or disallows cellular data roaming on the device. Device reboot isn't required to enforce the policy.
-
-Most restricted value is 0.
-
-
-
-ADMX Info:
-- GP Friendly name: *Prohibit connection to roaming Mobile Broadband networks*
-- GP name: *WCM_DisableRoaming*
-- GP path: *Network/Windows Connection Manager*
-- GP ADMX file name: *WCM.admx*
-
-
-
-The following list shows the supported values:
-
-- 0 – Don't allow cellular data roaming. The user can't turn it on. This value isn't supported in Windows 10, version 1511.
-- 1 (default) – Allow cellular data roaming.
-- 2 - Allow cellular data roaming on. The user can't turn it off.
-
-
-
+
+
+**Validate**:
To validate, the enterprise can confirm by observing the roaming enable switch in the UX. It will be inactive if the roaming policy is being enforced by the enterprise policy.
To validate on devices, perform the following steps:
@@ -226,561 +201,721 @@ To validate on devices, perform the following steps:
1. Go to Cellular & SIM.
2. Click on the SIM (next to the signal strength icon) and select **Properties**.
3. On the Properties page, select **Data roaming options**.
+
-
-
+
-
+
+## AllowConnectedDevices
-
-**Connectivity/AllowConnectedDevices**
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowConnectedDevices
+```
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|Yes|Yes|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+Note This policy requires reboot to take effect. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
+
+
+
+
-
-
+
+**Description framework properties**:
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
-> [!div class = "checklist"]
-> * Device
+
+**Allowed values**:
-
+| Value | Description |
+|:--|:--|
+| 0 | Disable (CDP service not available). |
+| 1 (Default) | Allow (CDP service available). |
+
+
+
+
+
+
+
+
+
+## AllowNFC
-
-
> [!NOTE]
-> This policy requires reboot to take effect.
+> This policy is deprecated and may be removed in a future release.
-This policy allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later |
+
-
-
-The following list shows the supported values:
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowNFC
+```
+
-- 1 (default) - Allow (CDP service available).
-- 0 - Disable (CDP service not available).
+
+
+This policy is deprecated.
+
-
-
+
+
+
-
+
+**Description framework properties**:
-
-**Connectivity/AllowPhonePCLinking**
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
-
+
+**Allowed values**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Value | Description |
+|:--|:--|
+| 0 | Disabled. |
+| 1 (Default) | Enabled. |
+
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## AllowPhonePCLinking
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowPhonePCLinking
+```
+
-
-
-This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue tasks, such as reading, email, and other tasks that require linking between Phone and PC.
+
+
+This policy allows IT admins to turn off the ability to Link a Phone with a PC to continue reading, emailing and other tasks that requires linking between Phone and PC.
-If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in 'Continue on PC experiences'.
+If you enable this policy setting, the Windows device will be able to enroll in Phone-PC linking functionality and participate in Continue on PC experiences.
-If you disable this policy setting, the Windows device isn't allowed to be linked to phones, will remove itself from the device list of any linked Phones, and can't participate in 'Continue on PC experiences'.
+If you disable this policy setting, the Windows device is not allowed to be linked to Phones, will remove itself from the device list of any linked Phones, and cannot participate in Continue on PC experiences.
-If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
+If you do not configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
+
-
-
-ADMX Info:
-- GP name: *enableMMX*
-- GP ADMX file name: *grouppolicy.admx*
+
+
+
-
-
-This setting supports a range of values between 0 and 1.
+
+**Description framework properties**:
-- 0 - Don't link
-- 1 (default) - Allow phone-PC linking
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
-
-
-Validation:
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Do not link. |
+| 1 (Default) | Allow phone-PC linking. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | EnableMMX |
+| Friendly Name | Phone-PC linking on this device |
+| Location | Computer Configuration |
+| Path | System > Group Policy |
+| Registry Key Name | Software\Policies\Microsoft\Windows\System |
+| Registry Value Name | EnableMmx |
+| ADMX File Name | GroupPolicy.admx |
+
+
+
+
+**Validate**:
If the Connectivity/AllowPhonePCLinking policy is configured to value 0, add a phone button in the Phones section in settings will be grayed out and clicking it will not launch the window for a user to enter their phone number.
Device that has previously opt-in to MMX will also stop showing on the device list.
+
-
-
+
-
+
+## AllowUSBConnection
-
-**Connectivity/AllowUSBConnection**
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:x: Pro
:x: Enterprise
:x: Education
:x: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowUSBConnection
+```
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|No|No|
-|Windows SE|No|No|
-|Business|No|No|
-|Enterprise|No|No|
-|Education|No|No|
+
+
+NoteCurrently, this policy is supported only in HoloLens 2, Hololens (1st gen) Commercial Suite, and HoloLens (1st gen) Development Edition. Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging. Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced. Most restricted value is 0.
+
+
+
+
-
-
+
+**Description framework properties**:
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
-> [!div class = "checklist"]
-> * Device
+
+**Allowed values**:
-
+| Value | Description |
+|:--|:--|
+| 0 | Not allowed. |
+| 1 (Default) | Allowed. |
+
-
-
-> [!NOTE]
-> Currently, this policy is supported only in HoloLens 2, Hololens (1st gen) Commercial Suite, and HoloLens (1st gen) Development Edition.
+
+
+
-Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy doesn't affect USB charging.
+
-Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced.
+
+## AllowVPNOverCellular
-Most restricted value is 0.
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later |
+
-
-
-The following list shows the supported values:
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowVPNOverCellular
+```
+
-- 0 – Not allowed.
-- 1 (default) – Allowed.
+
+
+Specifies what type of underlying connections VPN is allowed to use. Most restricted value is 0.
+
-
-
+
+
+
-
+
+**Description framework properties**:
-
-**Connectivity/AllowVPNOverCellular**
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
-
+
+**Allowed values**:
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+| Value | Description |
+|:--|:--|
+| 0 | VPN is not allowed over cellular. |
+| 1 (Default) | VPN can use any connection, including cellular. |
+
+
+
+
-
-
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+## AllowVPNRoamingOverCellular
-> [!div class = "checklist"]
-> * Device
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1507 [10.0.10240] and later |
+
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/AllowVPNRoamingOverCellular
+```
+
-
-
-Specifies what type of underlying connections VPN is allowed to use.
+
+
+Prevents the device from connecting to VPN when the device roams over cellular networks. Most restricted value is 0.
+
-Most restricted value is 0.
+
+
+
-
-
-The following list shows the supported values:
+
+**Description framework properties**:
-- 0 – VPN isn't allowed over cellular.
-- 1 (default) – VPN can use any connection, including cellular.
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
-
-
+
+**Allowed values**:
-
+| Value | Description |
+|:--|:--|
+| 0 | Not allowed. |
+| 1 (Default) | Allowed. |
+
-
-**Connectivity/AllowVPNRoamingOverCellular**
+
+
+
-
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+## DiablePrintingOverHTTP
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
+
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/DiablePrintingOverHTTP
+```
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
-This policy prevents the device from connecting to VPN when the device roams over cellular networks.
-
-Most restricted value is 0.
-
-
-
-The following list shows the supported values:
-
-- 0 – Not allowed.
-- 1 (default) – Allowed.
-
-
-
-
-
-
-
-**Connectivity/DisablePrintingOverHTTP**
-
-
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-
-
-
-
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting specifies whether to allow printing over HTTP from this client.
-Printing over HTTP allows a client to print to printers on the intranet and the Internet.
+Printing over HTTP allows a client to print to printers on the intranet as well as the Internet.
-Note: This policy setting affects the client side of Internet printing only. It doesn't prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.
+Note: This policy setting affects the client side of Internet printing only. It does not prevent this computer from acting as an Internet Printing server and making its shared printers available via HTTP.
If you enable this policy setting, it prevents this client from printing to Internet printers over HTTP.
-If you disable or don't configure this policy setting, users can choose to print to Internet printers over HTTP.
+If you disable or do not configure this policy setting, users can choose to print to Internet printers over HTTP.
Also, see the "Web-based printing" policy setting in Computer Configuration/Administrative Templates/Printers.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn off printing over HTTP*
-- GP name: *DisableHTTPPrinting_2*
-- GP path: *Internet Communication settings*
-- GP ADMX file name: *ICM.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-
-**Connectivity/DisableDownloadingOfPrintDriversOverHTTP**
+| Name | Value |
+|:--|:--|
+| Name | DisableHTTPPrinting |
+| Friendly Name | Turn off printing over HTTP |
+| Location | Computer Configuration |
+| Path | InternetManagement > Internet Communication settings |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers |
+| Registry Value Name | DisableHTTPPrinting |
+| ADMX File Name | ICM.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+## DisableDownloadingOfPrintDriversOverHTTP
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableDownloadingOfPrintDriversOverHTTP
+```
+
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting specifies whether to allow this client to download print driver packages over HTTP.
To set up HTTP printing, non-inbox drivers need to be downloaded over HTTP.
-Note: This policy setting doesn't prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that aren't already installed locally.
+Note: This policy setting does not prevent the client from printing to printers on the Intranet or the Internet over HTTP. It only prohibits downloading drivers that are not already installed locally.
-If you enable this policy setting, print drivers can't be downloaded over HTTP.
+If you enable this policy setting, print drivers cannot be downloaded over HTTP.
-If you disable or don't configure this policy setting, users can download print drivers over HTTP.
+If you disable or do not configure this policy setting, users can download print drivers over HTTP.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn off downloading of print drivers over HTTP*
-- GP name: *DisableWebPnPDownload_2*
-- GP path: *Internet Communication settings*
-- GP ADMX file name: *ICM.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-
-**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards**
+| Name | Value |
+|:--|:--|
+| Name | DisableWebPnPDownload |
+| Friendly Name | Turn off downloading of print drivers over HTTP |
+| Location | Computer Configuration |
+| Path | InternetManagement > Internet Communication settings |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers |
+| Registry Value Name | DisableWebPnPDownload |
+| ADMX File Name | ICM.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+## DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards
+```
+
-> [!div class = "checklist"]
-> * Device
-
-
-
-
-
+
+
This policy setting specifies whether Windows should download a list of providers for the web publishing and online ordering wizards.
These wizards allow users to select from a list of companies that provide services such as online storage and photographic printing. By default, Windows displays providers downloaded from a Windows website in addition to providers specified in the registry.
-If you enable this policy setting, Windows doesn't download providers, and only the service providers that are cached in the local registry are displayed.
+If you enable this policy setting, Windows does not download providers, and only the service providers that are cached in the local registry are displayed.
-If you disable or don't configure this policy setting, a list of providers is downloaded when the user uses the web publishing or online ordering wizards.
+If you disable or do not configure this policy setting, a list of providers are downloaded when the user uses the web publishing or online ordering wizards.
-For more information, including details on specifying service providers in the registry, see the documentation for the web publishing and online ordering wizards.
+See the documentation for the web publishing and online ordering wizards for more information, including details on specifying service providers in the registry.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Turn off Internet download for Web publishing and online ordering wizards*
-- GP name: *ShellPreventWPWDownload_2*
-- GP path: *Internet Communication settings*
-- GP ADMX file name: *ICM.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-
-**Connectivity/DisallowNetworkConnectivityActiveTests**
+| Name | Value |
+|:--|:--|
+| Name | ShellPreventWPWDownload |
+| Friendly Name | Turn off Internet download for Web publishing and online ordering wizards |
+| Location | Computer Configuration |
+| Path | InternetManagement > Internet Communication settings |
+| Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
+| Registry Value Name | NoWebServices |
+| ADMX File Name | ICM.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+## DisallowNetworkConnectivityActiveTests
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/DisallowNetworkConnectivityActiveTests
+```
+
-> [!div class = "checklist"]
-> * Device
+
+
+This policy setting turns off the active tests performed by the Windows Network Connectivity Status Indicator (NCSI) to determine whether your computer is connected to the Internet or to a more limited network.
-
+As part of determining the connectivity level, NCSI performs one of two active tests: downloading a page from a dedicated Web server or making a DNS request for a dedicated address.
-
-
-Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to `` to determine if the device can communicate with the Internet. This policy disables the NCSI active probe, preventing network connectivity to `www.msftconnecttest.com`.
+If you enable this policy setting, NCSI does not run either of the two active tests. This may reduce the ability of NCSI, and of other components that use NCSI, to determine Internet access.
-Value type is integer.
+If you disable or do not configure this policy setting, NCSI runs one of the two active tests.
+
-
-
-ADMX Info:
-- GP Friendly name: *Turn off Windows Network Connectivity Status Indicator active tests*
-- GP name: *NoActiveProbe*
-- GP path: *Internet Communication settings*
-- GP ADMX file name: *ICM.admx*
+
+
+
-
-
+
+**Description framework properties**:
-
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
-
-**Connectivity/HardenedUNCPaths**
+
+**Allowed values**:
-
+| Value | Description |
+|:--|:--|
+| 1 | Allow |
+| 0 (Default) | Block |
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+**Group policy mapping**:
+| Name | Value |
+|:--|:--|
+| Name | NoActiveProbe |
+| Friendly Name | Turn off Windows Network Connectivity Status Indicator active tests |
+| Location | Computer Configuration |
+| Path | InternetManagement > Internet Communication settings |
+| Registry Key Name | Software\Policies\Microsoft\Windows\NetworkConnectivityStatusIndicator |
+| Registry Value Name | NoActiveProbe |
+| ADMX File Name | ICM.admx |
+
-
-
+
+
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
-> [!div class = "checklist"]
-> * Device
+
+## HardenedUNCPaths
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1703 [10.0.15063] and later |
+
-
-
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/HardenedUNCPaths
+```
+
+
+
+
This policy setting configures secure access to UNC paths.
-If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling other security requirements.
+If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements.
+
-
+
+
+
+
+**Description framework properties**:
-
-ADMX Info:
-- GP Friendly name: *Hardened UNC Paths*
-- GP name: *Pol_HardenedPaths*
-- GP path: *Network/Network Provider*
-- GP ADMX file name: *networkprovider.admx*
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
-
-
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
+**ADMX mapping**:
-
-**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge**
+| Name | Value |
+|:--|:--|
+| Name | Pol_HardenedPaths |
+| Friendly Name | Hardened UNC Paths |
+| Location | Computer Configuration |
+| Path | Network > Network Provider |
+| Registry Key Name | Software\Policies\Microsoft\Windows\NetworkProvider\HardenedPaths |
+| ADMX File Name | NetworkProvider.admx |
+
-
+
+
+
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
+
+
+## ProhibitInstallationAndConfigurationOfNetworkBridge
-
-
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device
:x: User | :x: Home
:heavy_check_mark: Pro
:heavy_check_mark: Enterprise
:heavy_check_mark: Education
:heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
+
-
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge
+```
+
-> [!div class = "checklist"]
-> * Device
+
+
+Determines whether a user can install and configure the Network Bridge.
-
+Important: This settings is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply.
-
-
-This policy determines whether a user can install and configure the Network Bridge.
+The Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segements together. This connection appears in the Network Connections folder.
-Important: This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting doesn't apply.
+If you disable this setting or do not configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting does not remove an existing Network Bridge from the user's computer.
+
-The Network Bridge allows users to create a layer 2 MAC bridge, enabling them to connect two or more network segments together. This connection appears in the Network Connections folder.
+
+
+
-If you disable this setting or don't configure it, the user will be able to create and modify the configuration of a Network Bridge. Enabling this setting doesn't remove an existing Network Bridge from the user's computer.
+
+**Description framework properties**:
-
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+> [!TIP]
+> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-
-ADMX Info:
-- GP Friendly name: *Prohibit installation and configuration of Network Bridge on your DNS domain network*
-- GP name: *NC_AllowNetBridge_NLA*
-- GP path: *Network/Network Connections*
-- GP ADMX file name: *NetworkConnections.admx*
+**ADMX mapping**:
-
-
+| Name | Value |
+|:--|:--|
+| Name | NC_AllowNetBridge_NLA |
+| Friendly Name | Prohibit installation and configuration of Network Bridge on your DNS domain network |
+| Location | Computer Configuration |
+| Path | Network > Network Connections |
+| Registry Key Name | Software\Policies\Microsoft\Windows\Network Connections |
+| Registry Value Name | NC_AllowNetBridge_NLA |
+| ADMX File Name | NetworkConnections.admx |
+
-
+
+
+
+
+
+
+
-
+
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)