diff --git a/windows/client-management/mdm/declaredconfiguration-csp.md b/windows/client-management/mdm/declaredconfiguration-csp.md
index 4251c9ab44..e9843249a5 100644
--- a/windows/client-management/mdm/declaredconfiguration-csp.md
+++ b/windows/client-management/mdm/declaredconfiguration-csp.md
@@ -1,7 +1,7 @@
---
title: DeclaredConfiguration CSP
description: Learn more about the DeclaredConfiguration CSP.
-ms.date: 09/12/2024
+ms.date: 11/05/2024
---
@@ -45,6 +45,8 @@ The following list shows the DeclaredConfiguration configuration service provide
- [Results](#hostinventoryresults)
- [{DocID}](#hostinventoryresultsdocid)
- [Document](#hostinventoryresultsdociddocument)
+ - [ManagementServiceConfiguration](#managementserviceconfiguration)
+ - [ConflictResolution](#managementserviceconfigurationconflictresolution)
@@ -728,6 +730,93 @@ The Document node's value is an XML based document containing a collection of se
+
+## ManagementServiceConfiguration
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DeclaredConfiguration/ManagementServiceConfiguration
+```
+
+
+
+
+The ManagementServiceConfiguration node that's used to control certain Windows Declared Configuration behavior.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `node` |
+| Access Type | Get |
+
+
+
+
+
+
+
+
+
+### ManagementServiceConfiguration/ConflictResolution
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/DeclaredConfiguration/ManagementServiceConfiguration/ConflictResolution
+```
+
+
+
+
+This node controls to turn on conflict resolution on and off.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | The conflict resolution is OFF. |
+| 1 | The conflict resolution is ON. |
+
+
+
+
+
+
+
+
## DeclaredConfiguration OMA URI
diff --git a/windows/client-management/mdm/declaredconfiguration-ddf-file.md b/windows/client-management/mdm/declaredconfiguration-ddf-file.md
index 07e2e406e6..6d50da92cb 100644
--- a/windows/client-management/mdm/declaredconfiguration-ddf-file.md
+++ b/windows/client-management/mdm/declaredconfiguration-ddf-file.md
@@ -1,7 +1,7 @@
---
title: DeclaredConfiguration DDF file
description: View the XML file containing the device description framework (DDF) for the DeclaredConfiguration configuration service provider.
-ms.date: 06/28/2024
+ms.date: 11/05/2024
---
@@ -466,6 +466,61 @@ The following XML file contains the device description framework (DDF) for the D
+
+ ManagementServiceConfiguration
+
+
+
+
+ The ManagementServiceConfiguration node that is used to control certain Windows Declared Configuration behavior
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ConflictResolution
+
+
+
+
+
+
+
+ This node controls to turn on conflict resolution on and off.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 0
+ The conflict resolution is OFF.
+
+
+ 1
+ The conflict resolution is ON.
+
+
+
+
+
```
diff --git a/windows/client-management/mdm/laps-csp.md b/windows/client-management/mdm/laps-csp.md
index 76508deef5..b524fe09eb 100644
--- a/windows/client-management/mdm/laps-csp.md
+++ b/windows/client-management/mdm/laps-csp.md
@@ -1,7 +1,7 @@
---
title: LAPS CSP
description: Learn more about the LAPS CSP.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -325,7 +325,7 @@ Note if a custom managed local administrator account name is specified in this s
Use this setting to configure whether the password is encrypted before being stored in Active Directory.
-This setting is ignored if the password is currently being stored in Azure.
+This setting is ignored if the password is currently being stored in Microsoft Entra ID.
This setting is only honored when the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
@@ -387,7 +387,7 @@ If not specified, this setting defaults to True.
Use this setting to configure the name or SID of a user or group that can decrypt the password stored in Active Directory.
-This setting is ignored if the password is currently being stored in Azure.
+This setting is ignored if the password is currently being stored in Microsoft Entra ID.
If not specified, the password will be decryptable by the Domain Admins group in the device's domain.
diff --git a/windows/client-management/mdm/laps-ddf-file.md b/windows/client-management/mdm/laps-ddf-file.md
index d32a646434..8924f4d542 100644
--- a/windows/client-management/mdm/laps-ddf-file.md
+++ b/windows/client-management/mdm/laps-ddf-file.md
@@ -1,7 +1,7 @@
---
title: LAPS DDF file
description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -80,7 +80,7 @@ The following XML file contains the device description framework (DDF) for the L
The allowable settings are:
0=Disabled (password will not be backed up)
-1=Backup the password to Azure AD only
+1=Backup the password to Microsoft Entra ID only
2=Backup the password to Active Directory only
If not specified, this setting will default to 0.
@@ -103,7 +103,7 @@ If not specified, this setting will default to 0.
1
- Backup the password to Azure AD only
+ Backup the password to Microsoft Entra ID only
2
@@ -126,7 +126,7 @@ If not specified, this setting will default to 0.
If not specified, this setting will default to 30 days
-This setting has a minimum allowed value of 1 day when backing the password to onpremises Active Directory, and 7 days when backing the password to Azure AD.
+This setting has a minimum allowed value of 1 day when backing the password to onpremises Active Directory, and 7 days when backing the password to Microsoft Entra ID.
This setting has a maximum allowed value of 365 days.
@@ -154,7 +154,7 @@ This setting has a maximum allowed value of 365 days.
1
- BackupDirectory configured to Azure AD
+ BackupDirectory configured to Microsoft Entra ID
@@ -442,7 +442,7 @@ If not specified, this setting defaults to True.
True
Use this setting to configure whether the password is encrypted before being stored in Active Directory.
-This setting is ignored if the password is currently being stored in Azure.
+This setting is ignored if the password is currently being stored in Microsoft Entra ID.
This setting is only honored when the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
@@ -499,7 +499,7 @@ If not specified, this setting defaults to True.
Use this setting to configure the name or SID of a user or group that can decrypt the password stored in Active Directory.
-This setting is ignored if the password is currently being stored in Azure.
+This setting is ignored if the password is currently being stored in Microsoft Entra ID.
If not specified, the password will be decryptable by the Domain Admins group in the device's domain.
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 2b322e0891..3dcbc10721 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -1,7 +1,7 @@
---
title: PassportForWork CSP
description: Learn more about the PassportForWork CSP.
-ms.date: 08/06/2024
+ms.date: 11/05/2024
---
@@ -265,7 +265,7 @@ If the user forgets their PIN, it can be changed to a new PIN using the Windows
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index c94b22aed5..e53fb8e225 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -1,7 +1,7 @@
---
title: PassportForWork DDF file
description: View the XML file containing the device description framework (DDF) for the PassportForWork configuration service provider.
-ms.date: 06/28/2024
+ms.date: 11/05/2024
---
@@ -831,7 +831,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret
- 99.9.99999
+ 10.0.22621
1.6
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index ebfe368e86..ea1f4f9b24 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -1,7 +1,7 @@
---
title: Policies supported by Windows 10 Team
description: Learn about the policies supported by Windows 10 Team.
-ms.date: 08/06/2024
+ms.date: 11/05/2024
---
@@ -417,6 +417,7 @@ This article lists the policies that are applicable for the Surface Hub operatin
- [ExcludeJapaneseIMEExceptJIS0208andEUDC](policy-csp-textinput.md#excludejapaneseimeexceptjis0208andeudc)
- [ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#excludejapaneseimeexceptshiftjis)
- [ForceTouchKeyboardDockedState](policy-csp-textinput.md#forcetouchkeyboarddockedstate)
+- [TouchKeyboardControllerModeAvailability](policy-csp-textinput.md#touchkeyboardcontrollermodeavailability)
- [TouchKeyboardDictationButtonAvailability](policy-csp-textinput.md#touchkeyboarddictationbuttonavailability)
- [TouchKeyboardEmojiButtonAvailability](policy-csp-textinput.md#touchkeyboardemojibuttonavailability)
- [TouchKeyboardFullModeAvailability](policy-csp-textinput.md#touchkeyboardfullmodeavailability)
diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md
index 2c62565783..9566e606d2 100644
--- a/windows/client-management/mdm/policies-in-preview.md
+++ b/windows/client-management/mdm/policies-in-preview.md
@@ -1,7 +1,7 @@
---
title: Configuration service provider preview policies
description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -29,10 +29,17 @@ This article lists the policies that are applicable for Windows Insider Preview
- [EnablePhysicalDeviceAccessOnErrorScreens](clouddesktop-csp.md#userenablephysicaldeviceaccessonerrorscreens)
- [EnableBootToCloudSharedPCMode](clouddesktop-csp.md#deviceenableboottocloudsharedpcmode)
+## Connectivity
+
+- [UseCellularWhenWiFiPoor](policy-csp-connectivity.md#usecellularwhenwifipoor)
+- [DisableCellularSettingsPage](policy-csp-connectivity.md#disablecellularsettingspage)
+- [DisableCellularOperatorSettingsPage](policy-csp-connectivity.md#disablecellularoperatorsettingspage)
+
## DeclaredConfiguration CSP
- [Document](declaredconfiguration-csp.md#hostcompletedocumentsdociddocument)
- [Abandoned](declaredconfiguration-csp.md#hostcompletedocumentsdocidpropertiesabandoned)
+- [ConflictResolution](declaredconfiguration-csp.md#managementserviceconfigurationconflictresolution)
## DeliveryOptimization
@@ -52,6 +59,10 @@ This article lists the policies that are applicable for Windows Insider Preview
- [MdmAgentInstalled](devicepreparation-csp.md#mdmprovidermdmagentinstalled)
- [RebootRequired](devicepreparation-csp.md#mdmproviderrebootrequired)
+## Display
+
+- [ConfigureMultipleDisplayMode](policy-csp-display.md#configuremultipledisplaymode)
+
## DMClient CSP
- [DiscoveryEndpoint](dmclient-csp.md#deviceproviderprovideridlinkedenrollmentdiscoveryendpoint)
@@ -97,7 +108,6 @@ This article lists the policies that are applicable for Windows Insider Preview
## PassportForWork CSP
-- [EnableWindowsHelloProvisioningForSecurityKeys](passportforwork-csp.md#devicetenantidpoliciesenablewindowshelloprovisioningforsecuritykeys)
- [DisablePostLogonProvisioning](passportforwork-csp.md#devicetenantidpoliciesdisablepostlogonprovisioning)
## Reboot CSP
@@ -112,6 +122,10 @@ This article lists the policies that are applicable for Windows Insider Preview
- [ExchangeModernAuthEnabled](surfacehub-csp.md#deviceaccountexchangemodernauthenabled)
+## TextInput
+
+- [TouchKeyboardControllerModeAvailability](policy-csp-textinput.md#touchkeyboardcontrollermodeavailability)
+
## Update
- [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md#allowtemporaryenterprisefeaturecontrol)
@@ -123,9 +137,14 @@ This article lists the policies that are applicable for Windows Insider Preview
## WindowsAI
-- [SetCopilotHardwareKey](policy-csp-windowsai.md#setcopilothardwarekey)
+- [SetDenyAppListForRecall](policy-csp-windowsai.md#setdenyapplistforrecall)
+- [SetDenyUriListForRecall](policy-csp-windowsai.md#setdenyurilistforrecall)
+- [SetMaximumStorageSpaceForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragespaceforrecallsnapshots)
+- [SetMaximumStorageDurationForRecallSnapshots](policy-csp-windowsai.md#setmaximumstoragedurationforrecallsnapshots)
+- [AllowRecallExport](policy-csp-windowsai.md#allowrecallexport)
- [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator)
- [DisableCocreator](policy-csp-windowsai.md#disablecocreator)
+- [AllowRecallEnablement](policy-csp-windowsai.md#allowrecallenablement)
## WindowsLicensing CSP
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 1a15adf8c0..5ed3127e3f 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -1,7 +1,7 @@
---
title: Connectivity Policy CSP
description: Learn more about the Connectivity Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 11/05/2024
---
@@ -11,6 +11,8 @@ ms.date: 04/10/2024
[!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -584,6 +586,104 @@ Also, see the "Web-based printing" policy setting in Computer Configuration/Admi
+
+## DisableCellularOperatorSettingsPage
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableCellularOperatorSettingsPage
+```
+
+
+
+
+This policy makes all configurable settings in the 'Cellular' > 'Mobile operator settings' page read-only.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+
+
+
+
+
+
+
+
+
+## DisableCellularSettingsPage
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/DisableCellularSettingsPage
+```
+
+
+
+
+This policy makes all configurable settings in the 'Cellular' Settings page read-only.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+
+
+
+
+
+
+
+
## DisableDownloadingOfPrintDriversOverHTTP
@@ -899,6 +999,55 @@ If you disable this setting or don't configure it, the user will be able to crea
+
+## UseCellularWhenWiFiPoor
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Connectivity/UseCellularWhenWiFiPoor
+```
+
+
+
+
+This policy allows the use of a cellular connection when Wi-Fi connectivity is limited.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Disabled. |
+| 1 (Default) | Enabled. |
+
+
+
+
+
+
+
+
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 8f021f8337..01753099d8 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -1,7 +1,7 @@
---
title: Display Policy CSP
description: Learn more about the Display Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 11/05/2024
---
@@ -9,10 +9,72 @@ ms.date: 01/18/2024
# Policy CSP - Display
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+
+## ConfigureMultipleDisplayMode
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/Display/ConfigureMultipleDisplayMode
+```
+
+
+
+
+This policy set the default display to set the arrangement between cloning or extending.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Default. |
+| 1 (Default) | Clone. |
+| 2 | Extend. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ConfigureMultipleDisplayMode |
+| Path | Display > AT > System > DisplayCat |
+| Element Name | ConfigureMultipleDisplayModePrompt |
+
+
+
+
+
+
+
+
## DisablePerProcessDpiForApps
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 031f151e0e..bdd4e1fcd0 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,7 +1,7 @@
---
title: LocalPoliciesSecurityOptions Policy CSP
description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CSP.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -388,10 +388,27 @@ Audit: Audit the use of Backup and Restore privilege This security setting deter
|:--|:--|
| Format | `b64` |
| Access Type | Add, Delete, Get, Replace |
-| Allowed Values | List (Delimiter: ``) |
-| Default Value | 00 |
+| Default Value | AA== |
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| AQ== | Enable. |
+| AA== (Default) | Disable. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | Audit: Audit the use of Backup and Restore privilege |
+| Path | Windows Settings > Security Settings > Local Policies > Security Options |
+
+
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 70acc4ac5e..a3d59bef8b 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,7 +1,7 @@
---
title: RemoteDesktopServices Policy CSP
description: Learn more about the RemoteDesktopServices Area in Policy CSP.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -156,7 +156,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2461] and later
✅ [10.0.25398.887] and later
✅ Windows 10, version 2004 [10.0.19041.4474] and later
✅ Windows 11, version 21H2 with [KB5037770](https://support.microsoft.com/help/5037770) [10.0.22000.2960] and later
✅ Windows 11, version 22H2 with [KB5037771](https://support.microsoft.com/help/5037771) [10.0.22621.3593] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -217,7 +217,7 @@ This policy applies only when using legacy authentication to authenticate to the
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2461] and later
✅ [10.0.25398.887] and later
✅ Windows 10, version 2004 [10.0.19041.4474] and later
✅ Windows 11, version 21H2 with [KB5037770](https://support.microsoft.com/help/5037770) [10.0.22000.2960] and later
✅ Windows 11, version 22H2 with [KB5037771](https://support.microsoft.com/help/5037771) [10.0.22621.3593] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 359c78a5c8..ef469c7c40 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -1,7 +1,7 @@
---
title: TextInput Policy CSP
description: Learn more about the TextInput Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 11/05/2024
---
@@ -9,6 +9,8 @@ ms.date: 01/18/2024
# Policy CSP - TextInput
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
@@ -1172,6 +1174,56 @@ Specifies the touch keyboard is always docked. When this policy is set to enable
+
+## TouchKeyboardControllerModeAvailability
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/TextInput/TouchKeyboardControllerModeAvailability
+```
+
+
+
+
+Specifies whether the controller keyboard mode is enabled or disabled for the touch keyboard. When this policy is set to disabled, the controller keyboard mode for touch keyboard is disabled.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | The OS determines when it's most appropriate to be available. |
+| 1 | Controller keyboard is always available. |
+| 2 | Controller keyboard is always disabled. |
+
+
+
+
+
+
+
+
## TouchKeyboardDictationButtonAvailability
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 677a40fffb..547985d9b2 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -1,7 +1,7 @@
---
title: Wifi Policy CSP
description: Learn more about the Wifi Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 11/05/2024
---
@@ -188,10 +188,7 @@ By default, ICS is disabled when you create a remote access connection, but admi
-Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks. Most restricted value is 0.
-
-> [!NOTE]
-> Setting this policy deletes any previously installed user-configured and Wi-Fi sense Wi-Fi profiles from the device. Certain Wi-Fi profiles that aren't user configured nor Wi-Fi sense might not be deleted. In addition, not all non-MDM profiles are completely deleted.
+Allow or block connections to Wi-Fi outside of MDM server-installed networks. If you change this setting to Block, you must deploy enterprise Wi-Fi profiles to the device using the Wi-Fi CSP before you apply this setting. Otherwise, the device will go offline since it won't be able to connect to Wi-Fi. Note that choosing to block Wi-Fi connections will delete any previously installed user-configured Wi-Fi profiles from the device, though not all non-MDM profiles will be deleted.
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index 642e2df000..1e01305590 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -1,7 +1,7 @@
---
title: WindowsAI Policy CSP
description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 09/27/2024
+ms.date: 11/05/2024
---
@@ -15,19 +15,143 @@ ms.date: 09/27/2024
+
+## AllowRecallEnablement
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/AllowRecallEnablement
+```
+
+
+
+
+This policy allows you to determine whether Recall optional component allowed on a device. When this policy enabled, Recall bits are allowed on a device. If the police set to disabled or not configured, it's a signal to disable Recall and remove Recall component bits from device (all users snapshot data will be deleted).
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 1 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Recall isn't available. |
+| 1 (Default) | Recall is available. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AllowRecallEnablement |
+| Path | WindowsAI > AT > WindowsComponents > WindowsAI |
+
+
+
+
+
+
+
+
+
+## AllowRecallExport
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/AllowRecallExport
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/AllowRecallExport
+```
+
+
+
+
+This policy allows you to determine whether Recall and snapshot information can be exported. Recall and snapshot information may be sensitive, and the files that are exported are unencrypted. Users can export from Settings > Privacy & Security > Recall & Snapshots > Advanced Settings > Export your Recall and snapshot info. Users are warned that the files are unencrypted before exporting. When you set this policy to enabled, users will be able to export Recall and snapshot information. If the policy is set to disabled or not configured, users won't be able to export their Recall and snapshot information.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Deny export of Recall and snapshots information. |
+| 1 | Allow export of Recall and snapshot information. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | AllowRecallExport |
+| Path | WindowsAI > AT > WindowsComponents > WindowsAI |
+
+
+
+
+
+
+
+
## DisableAIDataAnalysis
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
```User
./User/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis
```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis
+```
@@ -212,7 +336,7 @@ This policy setting allows you to control whether Image Creator functionality is
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ❌ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5044380](https://support.microsoft.com/help/5044380) [10.0.22621.4391] and later |
@@ -258,6 +382,244 @@ This policy setting determines which app opens when the user presses the Copilot
+
+## SetDenyAppListForRecall
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyAppListForRecall
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyAppListForRecall
+```
+
+
+
+
+This policy allows you to define a list of apps that Windows won't include in snapshots for Recall. Users will be able to add additional applications to exclude from snapshots using Recall settings. The list can include Application User Model IDs (AUMID) or the name of the executable file. Use a semicolon-separated list of apps to define the deny app list for Recall. For example: code.exe;Microsoft. WindowsNotepad_8wekyb3d8bbwe!App;ms-teams.exe.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `;`) |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DenyAppListForRecall |
+| Path | WindowsAI > AT > WindowsComponents > WindowsAI |
+
+
+
+
+
+
+
+
+
+## SetDenyUriListForRecall
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyUriListForRecall
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetDenyUriListForRecall
+```
+
+
+
+
+This policy allows you to define a list of URIs that Windows won't include in snapshots for Recall when a supported browser is used. Users will be able to add additional websites to exclude from snapshots using Recall settings. Adding WoodgroveBank.com to the list would also filter Account. WoodgroveBank.com and WoodgroveBank.com/Account. Use a semicolon-separated list of URIs to define the deny URI list for Recall. For example: Contoso.com;WoodgroveBank.com;Adatum.com.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `;`) |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | DenyUriListForRecall |
+| Path | WindowsAI > AT > WindowsComponents > WindowsAI |
+
+
+
+
+
+
+
+
+
+## SetMaximumStorageDurationForRecallSnapshots
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageDurationForRecallSnapshots
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageDurationForRecallSnapshots
+```
+
+
+
+
+This policy setting allows you to control the maximum amount of time (in days) that Windows saves snapshots for Recall. When the policy is enabled, you can configure the maximum storage duration to be 30, 60, 90, or 180 days. When this policy isn't configured, a time frame isn't set for deleting snapshots. Snapshots aren't deleted until the maximum storage allocation for Recall is reached, and then the oldest snapshots are deleted first.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Let the OS define the maximum amount of time the snapshots will be saved. |
+| 30 | 30 days. |
+| 60 | 60 days. |
+| 90 | 90 days. |
+| 180 | 180 days. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SetMaximumStorageDurationForRecallSnapshots |
+| Path | WindowsAI > AT > WindowsComponents > WindowsAI |
+
+
+
+
+
+
+
+
+
+## SetMaximumStorageSpaceForRecallSnapshots
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```User
+./User/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageSpaceForRecallSnapshots
+```
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/WindowsAI/SetMaximumStorageSpaceForRecallSnapshots
+```
+
+
+
+
+This policy setting allows you to control the maximum amount of disk space that can be used by Windows to save snapshots for Recall. You can set the maximum amount of disk space for snapshots to be 10, 25, 50, 75, 100, or 150 GB. When this setting isn't configured, the OS configures the storage allocation for snapshots based on the device storage capacity. 25 GB is allocated when the device storage capacity is 256 GB. 75 GB is allocated when the device storage capacity is 512 GB. 150 GB is allocated when the device storage capacity is 1 TB or higher.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `int` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | 0 |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Let the OS define the maximum storage amount based on hard drive storage size. |
+| 10000 | 10GB. |
+| 25000 | 25GB. |
+| 50000 | 50GB. |
+| 75000 | 75GB. |
+| 100000 | 100GB. |
+| 150000 | 150GB. |
+
+
+
+**Group policy mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | SetMaximumStorageSpaceForRecallSnapshots |
+| Path | WindowsAI > AT > WindowsComponents > WindowsAI |
+
+
+
+
+
+
+
+
## TurnOffWindowsCopilot