From cf41ad11bb4cba8c4b31075e8a94d6d8c8dbd02e Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 24 Nov 2021 17:26:50 +0530 Subject: [PATCH 01/11] Added missing policies in policy-system-csp.md Added: - System/LimitDiagnosticLogCollection - System/LimitDumpCollection --- .../policy-configuration-service-provider.md | 6 + .../mdm/policy-csp-system.md | 143 ++++++++++++++++++ 2 files changed, 149 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..a49ccf6dae 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8358,6 +8358,12 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
System/FeedbackHubAlwaysSaveDiagnosticsLocally
+
+ System/LimitDiagnosticLogCollection +
+
+ System/LimitDumpCollection +
System/LimitEnhancedDiagnosticDataWindowsAnalytics
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 04cccacbb5..f963b773a2 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -94,6 +94,9 @@ manager: dansimp
System/FeedbackHubAlwaysSaveDiagnosticsLocally
+
+ System/LimitDiagnosticLogCollection +
System/LimitEnhancedDiagnosticDataWindowsAnalytics
@@ -1766,6 +1769,146 @@ The following list shows the supported values:
+ +**System/LimitDiagnosticLogCollection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting specifies whether diagnostic log data can be collected when more information is needed to troubleshoot a problem. It is sent only if we have permission to collect optional diagnostic data, and only if the device meets the criteria for additional data collection. + +If you disable or do not configure this policy setting, we may occasionally collect advanced diagnostic data if the user has opted to send optional diagnostic data. + + + +ADMX Info: +- GP Friendly name: *Limit Diagnostic Log Collection* +- GP name: *LimitDiagnosticLogCollection* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + +The following list shows the supported values: + +- 0 – Disabled +- 1 – Enabled +- + + + +
+ + +**System/LimitDumpCollection** + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting limits the type of dumps that can be collected when more information is needed to troubleshoot a problem. These dumps are not sent unless we have permission to collect optional diagnostic data. + +By enabling this policy setting, Windows Error Reporting is limited to sending kernel mini dumps and user mode triage dumps only. + +If you disable or do not configure this policy setting, we may occasionally collect full or heap dumps if the user has opted to send optional diagnostic data. + + + +ADMX Info: +- GP Friendly name: *Limit Dump Collection* +- GP name: *LimitDumpCollection* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + +The following list shows the supported values: + +- 0 – Disabled +- 1 – Enabled +- + + + +
+ **System/LimitEnhancedDiagnosticDataWindowsAnalytics** From 5436b59670ae0a26a8da33989fc394926a57e98e Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 24 Nov 2021 17:30:08 +0530 Subject: [PATCH 02/11] added index --- windows/client-management/mdm/policy-csp-system.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index f963b773a2..15ca67148a 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -97,6 +97,9 @@ manager: dansimp
System/LimitDiagnosticLogCollection
+
+ System/LimitDumpCollection +
System/LimitEnhancedDiagnosticDataWindowsAnalytics
From d1d396088b4b4607673053ce12e8bdac07e076bf Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Thu, 25 Nov 2021 17:44:48 +0530 Subject: [PATCH 03/11] Added missing CSP in WirelessDisplay.md Added: - WirelessDisplay/AllowMovementDetectionOnInfrastructure --- .../policy-configuration-service-provider.md | 3 + .../mdm/policy-csp-wirelessdisplay.md | 74 +++++++++++++++++++ 2 files changed, 77 insertions(+) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bbd3101f94..a2c7c9c52a 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -8979,6 +8979,9 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC
WirelessDisplay/AllowMdnsDiscovery
+
+ WirelessDisplay/AllowMovementDetectionOnInfrastructure +
WirelessDisplay/AllowProjectionFromPC
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 9d941ee024..779859ca11 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -26,6 +26,9 @@ manager: dansimp
WirelessDisplay/AllowMdnsDiscovery
+
+ WirelessDisplay/AllowMovementDetectionOnInfrastructure +
WirelessDisplay/AllowProjectionFromPC
@@ -177,6 +180,77 @@ The following list shows the supported values:
+ +**WirelessDisplay/AllowMovementDetectionOnInfrastructure** + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +This policy setting allows you to disable the infrastructure movement detection feature. + +If you set it to 0, your PC may stay connected and continue to project if you walk away from a Wireless Display receiver to which you are projecting over infrastructure. + +If you set it to 1, your PC will detect that you have moved and will automatically disconnect your infrastructure Wireless Display session. + +The default value is 1. + + + + +The following list shows the supported values: + +- 0 - Do not allow +- 1 (Default) - Allow + + + + +
+ **WirelessDisplay/AllowProjectionFromPC** From 4c39fc5d17d3853b205df96ff4439a23b440a462 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Fri, 3 Dec 2021 12:36:19 +0530 Subject: [PATCH 04/11] Converted tables --- .../mdm/policy-csp-system.md | 68 ++++--------------- 1 file changed, 14 insertions(+), 54 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 78a94359dc..f5067a2490 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1305,33 +1305,13 @@ The following list shows the supported values: **System/LimitDiagnosticLogCollection** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
@@ -1374,33 +1354,13 @@ The following list shows the supported values: **System/LimitDumpCollection** - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
From 5e65169f019180f2e08f6992ac869010386f5749 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi Date: Wed, 8 Dec 2021 14:18:08 +0530 Subject: [PATCH 05/11] Converted table --- .../mdm/policy-csp-wirelessdisplay.md | 40 ++++--------------- 1 file changed, 8 insertions(+), 32 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md index 75114ad157..d61b982f66 100644 --- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md +++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md @@ -136,38 +136,14 @@ The following list shows the supported values: **WirelessDisplay/AllowMovementDetectionOnInfrastructure** - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
EditionWindows 10Windows 11
HomeNoNo
ProYesYes
BusinessYesYes
EnterpriseYesYes
EducationYesYes
+ +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes|
From be24de50d58a8e98c68a2a602c3dc705317039de Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Thu, 9 Dec 2021 18:49:53 +0530 Subject: [PATCH 06/11] i corrected sentences as per user feedback #10193 , so i corrected it after verifying with GPO explanation under Windows 11. --- .../hello-for-business/hello-manage-in-organization.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index 5610f8e167..f7d07b7d3c 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -59,7 +59,7 @@ The following table lists the Group Policy settings that you can configure for W |Minimum PIN length|Computer|

Not configured: PIN length must be greater than or equal to 4.

Enabled: PIN length must be greater than or equal to the number you specify.

Disabled: PIN length must be greater than or equal to 4.| |Expiration|Computer|

Not configured: PIN does not expire.

Enabled: PIN can be set to expire after any number of days between 1 and 730, or PIN can be set to never expire by setting policy to 0.

Disabled: PIN does not expire.| |History|Computer|

Not configured: Previous PINs are not stored.

Enabled: Specify the number of previous PINs that can be associated to a user account that can't be reused.

Disabled: Previous PINs are not stored.

Note  Current PIN is included in PIN history.
| -|Require special characters|Computer|

Not configured: Users cannot include a special character in their PIN

Enabled: Users must include at least one special character in their PIN.

Disabled: Users cannot include a special character in their PIN.| +|Require special characters|Computer|

Not configured: Windows allows, but does not require, special characters in the PIN

Enabled: Windows requires the user to include at least one special character in their PIN.

Disabled: Windows does not allow the user to include special characters in their PIN.| |Require uppercase letters|Computer|

Not configured: Users cannot include an uppercase letter in their PIN.

Enabled: Users must include at least one uppercase letter in their PIN.

Disabled: Users cannot include an uppercase letter in their PIN.| ### Phone Sign-in @@ -168,4 +168,4 @@ If you want to use Windows Hello for Business with certificates, you'll need a d - [Windows Hello and password changes](hello-and-password-changes.md) - [Windows Hello errors during PIN creation](hello-errors-during-pin-creation.md) - [Event ID 300 - Windows Hello successfully created](hello-event-300.md) -- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) \ No newline at end of file +- [Windows Hello biometrics in the enterprise](hello-biometrics-in-enterprise.md) From 01232537854d3ca68205abf262b1282694dc6600 Mon Sep 17 00:00:00 2001 From: VARADHARAJAN K <3296790+RAJU2529@users.noreply.github.com> Date: Fri, 10 Dec 2021 10:52:53 +0530 Subject: [PATCH 07/11] Update windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md Accepted Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-manage-in-organization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md index f7d07b7d3c..d6d92affa4 100644 --- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md +++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md @@ -59,7 +59,7 @@ The following table lists the Group Policy settings that you can configure for W |Minimum PIN length|Computer|

Not configured: PIN length must be greater than or equal to 4.

Enabled: PIN length must be greater than or equal to the number you specify.

Disabled: PIN length must be greater than or equal to 4.| |Expiration|Computer|

Not configured: PIN does not expire.

Enabled: PIN can be set to expire after any number of days between 1 and 730, or PIN can be set to never expire by setting policy to 0.

Disabled: PIN does not expire.| |History|Computer|

Not configured: Previous PINs are not stored.

Enabled: Specify the number of previous PINs that can be associated to a user account that can't be reused.

Disabled: Previous PINs are not stored.

Note  Current PIN is included in PIN history.
| -|Require special characters|Computer|

Not configured: Windows allows, but does not require, special characters in the PIN

Enabled: Windows requires the user to include at least one special character in their PIN.

Disabled: Windows does not allow the user to include special characters in their PIN.| +|Require special characters|Computer|

Not configured: Windows allows, but does not require, special characters in the PIN.

Enabled: Windows requires the user to include at least one special character in their PIN.

Disabled: Windows does not allow the user to include special characters in their PIN.| |Require uppercase letters|Computer|

Not configured: Users cannot include an uppercase letter in their PIN.

Enabled: Users must include at least one uppercase letter in their PIN.

Disabled: Users cannot include an uppercase letter in their PIN.| ### Phone Sign-in From daa4dc268f1d87d5c7434e2e84263e8924d4cd00 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Fri, 10 Dec 2021 11:55:34 -0700 Subject: [PATCH 08/11] Update windows/client-management/mdm/policy-csp-system.md --- windows/client-management/mdm/policy-csp-system.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 92131c2cb0..67975bf4f5 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1395,7 +1395,6 @@ The following list shows the supported values: - 0 – Disabled - 1 – Enabled -- From f6e3d1ed26791189d63ac6bf53c35820774b8a44 Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Fri, 10 Dec 2021 11:59:24 -0700 Subject: [PATCH 09/11] Update windows/client-management/mdm/policy-csp-system.md --- windows/client-management/mdm/policy-csp-system.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index 67975bf4f5..c3266bea55 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1344,7 +1344,6 @@ The following list shows the supported values: - 0 – Disabled - 1 – Enabled -- From 7417a4764dbdb84a2625d40308bff6a0ebb5b3fa Mon Sep 17 00:00:00 2001 From: Diana Hanson Date: Fri, 10 Dec 2021 12:00:45 -0700 Subject: [PATCH 10/11] Update policy-csp-system.md --- windows/client-management/mdm/policy-csp-system.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index c3266bea55..9e31c3a67b 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -1344,6 +1344,7 @@ The following list shows the supported values: - 0 – Disabled - 1 – Enabled + From 91183da4a1033ef79055a64ec8170e176a1e1fbf Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Fri, 10 Dec 2021 11:37:02 -0800 Subject: [PATCH 11/11] added full size images to resolve customer-submitted issue in public repo --- .../hello-for-business/hello-how-it-works-provisioning.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md index c114cd86e5..bf92834f9b 100644 --- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md +++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md @@ -39,6 +39,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, ## Azure AD joined provisioning in a Managed environment ![Azure AD joined provisioning in a Managed environment.](images/howitworks/prov-aadj-managed.png) +[Full size image](images/howitworks/prov-aadj-managed.png) | Phase | Description | | :----: | :----------- | @@ -50,6 +51,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Azure AD joined provisioning in a Federated environment ![Azure AD joined provisioning in Managed environment.](images/howitworks/prov-aadj-federated.png) +[Full size image](images/howitworks/prov-aadj-federated.png) | Phase | Description | | :----: | :----------- | @@ -60,7 +62,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment ![Hybrid Azure AD joined provisioning in a Key Trust deployment in a Managed environment.](images/howitworks/prov-haadj-keytrust-managed.png) - +[Full size image](images/howitworks/prov-haadj-keytrust-managed.png) | Phase | Description | |:-----:|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| @@ -78,7 +80,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment ![Hybrid Azure AD joined provisioning in a synchronous Certificate Trust deployment in a Federated environment.](images/howitworks/prov-haadj-instant-certtrust-federated.png) - +[Full size image](images/howitworks/prov-haadj-instant-certtrust-federated.png) | Phase | Description | |:-----:|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| @@ -96,6 +98,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Domain joined provisioning in an On-premises Key Trust deployment ![Domain joined provisioning in an On-premises Key Trust deployment.](images/howitworks/prov-onprem-keytrust.png) +[Full size image](images/howitworks/prov-onprem-keytrust.png) | Phase | Description | | :----: | :----------- | @@ -107,6 +110,7 @@ Windows Hello for Business provisioning enables a user to enroll a new, strong, [Return to top](#windows-hello-for-business-provisioning) ## Domain joined provisioning in an On-premises Certificate Trust deployment ![Domain joined provisioning in an On-premises Certificate Trust deployment.](images/howitworks/prov-onprem-certtrust.png) +[Full size image](images/howitworks/prov-onprem-certtrust.png) | Phase | Description | | :----: | :----------- |