diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md index ac52182efc..089b3868fd 100644 --- a/windows/client-management/mdm/change-history-for-mdm-documentation.md +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -187,13 +187,13 @@ This article lists new and updated articles for the Mobile Device Management (MD |[TenantLockdown CSP](tenantlockdown-csp.md)|Added new CSP in Windows 10, version 1809.| |[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added new settings in Windows 10, version 1809.| |[Policy DDF file](policy-ddf-file.md)|Posted an updated version of the Policy DDF for Windows 10, version 1809.| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
  • Browser/AllowFullScreenMode
  • Browser/AllowPrelaunch
  • Browser/AllowPrinting
  • Browser/AllowSavingHistory
  • Browser/AllowSideloadingOfExtensions
  • Browser/AllowTabPreloading
  • Browser/AllowWebContentOnNewTabPage
  • Browser/ConfigureFavoritesBar
  • Browser/ConfigureHomeButton
  • Browser/ConfigureKioskMode
  • Browser/ConfigureKioskResetAfterIdleTimeout
  • Browser/ConfigureOpenMicrosoftEdgeWith
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
  • Browser/PreventCertErrorOverrides
  • Browser/SetHomeButtonURL
  • Browser/SetNewTabPageURL
  • Browser/UnlockHomeButton
  • Experience/DoNotSyncBrowserSettings
  • Experience/PreventUsersFromTurningOnBrowserSyncing
  • Kerberos/UPNNameHints
  • Privacy/AllowCrossDeviceClipboard
  • Privacy
  • DisablePrivacyExperience
  • Privacy/UploadUserActivities
  • System/AllowDeviceNameInDiagnosticData
  • System/ConfigureMicrosoft365UploadEndpoint
  • System/DisableDeviceDelete
  • System/DisableDiagnosticDataViewer
  • Storage/RemovableDiskDenyWriteAccess
  • Update/UpdateNotificationLevel

    Start/DisableContextMenus - added in Windows 10, version 1803.

    RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:

  • Browser/AllowFullScreenMode
  • Browser/AllowPrelaunch
  • Browser/AllowPrinting
  • Browser/AllowSavingHistory
  • Browser/AllowSideloadingOfExtensions
  • Browser/AllowTabPreloading
  • Browser/AllowWebContentOnNewTabPage
  • Browser/ConfigureFavoritesBar
  • Browser/ConfigureHomeButton
  • Browser/ConfigureKioskMode
  • Browser/ConfigureKioskResetAfterIdleTimeout
  • Browser/ConfigureOpenMicrosoftEdgeWith
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
  • Browser/PreventCertErrorOverrides
  • Browser/SetHomeButtonURL
  • Browser/SetNewTabPageURL
  • Browser/UnlockHomeButton
  • Experience/DoNotSyncBrowserSettings
  • Experience/PreventUsersFromTurningOnBrowserSyncing
  • Kerberos/UPNNameHints
  • Privacy/AllowCrossDeviceClipboard
  • Privacy
  • DisablePrivacyExperience
  • Privacy/UploadUserActivities
  • System/AllowDeviceNameInDiagnosticData
  • System/ConfigureMicrosoft365UploadEndpoint
  • System/DisableDeviceDelete
  • System/DisableDiagnosticDataViewer
  • Storage/RemovableDiskDenyWriteAccess
  • Update/UpdateNotificationLevel

    Start/DisableContextMenus - added in Windows 10, version 1803.

    RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.| ## July 2018 |New or updated article|Description| |--- |--- | -|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:

    You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.| +|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following note:

    You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.| |[PassportForWork CSP](passportforwork-csp.md)|Added new settings in Windows 10, version 1809.| |[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added NonRemovable setting under AppManagement node in Windows 10, version 1809.| |[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)|Added new configuration service provider in Windows 10, version 1809.| @@ -202,7 +202,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |[Defender CSP](defender-csp.md)|Added a new node Health/ProductStatus in Windows 10, version 1809.| |[BitLocker CSP](bitlocker-csp.md)|Added a new node AllowStandardUserEncryption in Windows 10, version 1809.| |[DevDetail CSP](devdetail-csp.md)|Added a new node SMBIOSSerialNumber in Windows 10, version 1809.| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:

  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
  • Authentication/EnableFastFirstSignIn (Preview mode only)
  • Authentication/EnableWebSignIn (Preview mode only)
  • Authentication/PreferredAadTenantDomainName
  • Defender/CheckForSignaturesBeforeRunningScan
  • Defender/DisableCatchupFullScan
  • Defender/DisableCatchupQuickScan
  • Defender/EnableLowCPUPriority
  • Defender/SignatureUpdateFallbackOrder
  • Defender/SignatureUpdateFileSharesSources
  • DeviceGuard/ConfigureSystemGuardLaunch
  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
  • DeviceInstallation/PreventDeviceMetadataFromNetwork
  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
  • DmaGuard/DeviceEnumerationPolicy
  • Experience/AllowClipboardHistory
  • Security/RecoveryEnvironmentAuthentication
  • TaskManager/AllowEndTask
  • WindowsDefenderSecurityCenter/DisableClearTpmButton
  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
  • WindowsLogon/DontDisplayNetworkSelectionUI

    Recent changes:

  • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies in Windows 10, version 1809:
  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
  • Authentication/EnableFastFirstSignIn (Preview mode only)
  • Authentication/EnableWebSignIn (Preview mode only)
  • Authentication/PreferredAadTenantDomainName
  • Defender/CheckForSignaturesBeforeRunningScan
  • Defender/DisableCatchupFullScan
  • Defender/DisableCatchupQuickScan
  • Defender/EnableLowCPUPriority
  • Defender/SignatureUpdateFallbackOrder
  • Defender/SignatureUpdateFileSharesSources
  • DeviceGuard/ConfigureSystemGuardLaunch
  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
  • DeviceInstallation/PreventDeviceMetadataFromNetwork
  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
  • DmaGuard/DeviceEnumerationPolicy
  • Experience/AllowClipboardHistory
  • Security/RecoveryEnvironmentAuthentication
  • TaskManager/AllowEndTask
  • WindowsDefenderSecurityCenter/DisableClearTpmButton
  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
  • WindowsLogon/DontDisplayNetworkSelectionUI

    Recent changes:
  • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.| ## June 2018 @@ -211,7 +211,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |[Wifi CSP](wifi-csp.md)|Added a new node WifiCost in Windows 10, version 1809.| |[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)|Recent changes:
  • Added procedure for collecting logs remotely from Windows 10 Holographic.
  • Added procedure for downloading the MDM Diagnostic Information log.| |[BitLocker CSP](bitlocker-csp.md)|Added new node AllowStandardUserEncryption in Windows 10, version 1809.| -|[Policy CSP](policy-configuration-service-provider.md)|Recent changes:
  • AccountPoliciesAccountLockoutPolicy
  • AccountLockoutDuration - removed from docs. Not supported.
  • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
  • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
  • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
  • System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.
  • Security/RequireDeviceEncryption is supported in the Home SKU.
  • Start/StartLayout - added a table of SKU support information.
  • Start/ImportEdgeAssets - added a table of SKU support information.

    Added the following new policies in Windows 10, version 1809:

  • Update/EngagedRestartDeadlineForFeatureUpdates
  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
  • Update/SetDisablePauseUXAccess
  • Update/SetDisableUXWUAccess| +|[Policy CSP](policy-configuration-service-provider.md)|Recent changes:
  • AccountPoliciesAccountLockoutPolicy
  • AccountLockoutDuration - removed from docs. Not supported.
  • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
  • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
  • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
  • System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.
  • Security/RequireDeviceEncryption is supported in the Home SKU.
  • Start/StartLayout - added a table of SKU support information.
  • Start/ImportEdgeAssets - added a table of SKU support information.

    Added the following new policies in Windows 10, version 1809:
  • Update/EngagedRestartDeadlineForFeatureUpdates
  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
  • Update/SetDisablePauseUXAccess
  • Update/SetDisableUXWUAccess| |[WiredNetwork CSP](wirednetwork-csp.md)|New CSP added in Windows 10, version 1809.| ## May 2018 @@ -240,7 +240,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |[Understanding ADMX-backed policies](understanding-admx-backed-policies.md)|Added the following videos:
  • [How to create a custom xml to enable an ADMX-backed policy and deploy the XML in Intune](https://www.microsoft.com/showcase/video.aspx?uuid=bdc9b54b-11b0-4bdb-a022-c339d16e7121)
  • [How to import a custom ADMX file to a device using Intune](https://www.microsoft.com/showcase/video.aspx?uuid=a59888b1-429f-4a49-8570-c39a143d9a73)| |[AccountManagement CSP](accountmanagement-csp.md)|Added a new CSP in Windows 10, version 1803.| |[RootCATrustedCertificates CSP](rootcacertificates-csp.md)|Added the following node in Windows 10, version 1803:
  • UntrustedCertificates| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • ApplicationDefaults/EnableAppUriHandlers
  • ApplicationManagement/MSIAllowUserControlOverInstall
  • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
  • Connectivity/AllowPhonePCLinking
  • Notifications/DisallowCloudNotification
  • Notifications/DisallowTileNotification
  • RestrictedGroups/ConfigureGroupMembership

    The following existing policies were updated:

  • Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.
  • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
  • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.

    Added a new section:

  • [[Policies in Policy CSP supported by Group Policy](/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • ApplicationDefaults/EnableAppUriHandlers
  • ApplicationManagement/MSIAllowUserControlOverInstall
  • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
  • Connectivity/AllowPhonePCLinking
  • Notifications/DisallowCloudNotification
  • Notifications/DisallowTileNotification
  • RestrictedGroups/ConfigureGroupMembership

    The following existing policies were updated:
  • Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.
  • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
  • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.

    Added a new section:
  • [[Policies in Policy CSP supported by Group Policy](/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy) - list of policies in Policy CSP that has corresponding Group Policy. The policy description contains the GP information, such as GP policy name and variable name.| |[Policy CSP - Bluetooth](policy-csp-bluetooth.md)|Added new section [ServicesAllowedList usage guide](policy-csp-bluetooth.md#servicesallowedlist-usage-guide).| |[MultiSIM CSP](multisim-csp.md)|Added SyncML examples and updated the settings descriptions.| |[RemoteWipe CSP](remotewipe-csp.md)|Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.| @@ -251,7 +251,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |--- |--- | |[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Display/DisablePerProcessDpiForApps
  • Display/EnablePerProcessDpi
  • Display/EnablePerProcessDpiForApps
  • Experience/AllowWindowsSpotlightOnSettings
  • TextInput/ForceTouchKeyboardDockedState
  • TextInput/TouchKeyboardDictationButtonAvailability
  • TextInput/TouchKeyboardEmojiButtonAvailability
  • TextInput/TouchKeyboardFullModeAvailability
  • TextInput/TouchKeyboardHandwritingModeAvailability
  • TextInput/TouchKeyboardNarrowModeAvailability
  • TextInput/TouchKeyboardSplitModeAvailability
  • TextInput/TouchKeyboardWideModeAvailability| |[VPNv2 ProfileXML XSD](vpnv2-profile-xsd.md)|Updated the XSD and Plug-in profile example for VPNv2 CSP.| -|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:
  • Status
  • ShellLauncher
  • StatusConfiguration

    Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.| +|[AssignedAccess CSP](assignedaccess-csp.md)|Added the following nodes in Windows 10, version 1803:

  • Status
  • ShellLauncher
  • StatusConfiguration

    Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.| |[MultiSIM CSP](multisim-csp.md)|Added a new CSP in Windows 10, version 1803.| |[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following node in Windows 10, version 1803:
  • MaintainProcessorArchitectureOnUpdate| @@ -259,7 +259,7 @@ This article lists new and updated articles for the Mobile Device Management (MD |New or updated article|Description| |--- |--- | -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Browser/AllowConfigurationUpdateForBooksLibrary
  • Browser/AlwaysEnableBooksLibrary
  • Browser/EnableExtendedBooksTelemetry
  • Browser/UseSharedFolderForBooks
  • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
  • DeliveryOptimization/DODelayForegroundDownloadFromHttp
  • DeliveryOptimization/DOGroupIdSource
  • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
  • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
  • DeliveryOptimization/DORestrictPeerSelectionBy
  • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
  • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
  • KioskBrowser/BlockedUrlExceptions
  • KioskBrowser/BlockedUrls
  • KioskBrowser/DefaultURL
  • KioskBrowser/EnableHomeButton
  • KioskBrowser/EnableNavigationButtons
  • KioskBrowser/RestartOnIdleTime
  • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
  • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
  • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
  • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
  • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
  • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
  • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
  • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
  • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
  • RestrictedGroups/ConfigureGroupMembership
  • Search/AllowCortanaInAAD
  • Search/DoNotUseWebResults
  • Security/ConfigureWindowsPasswords
  • System/FeedbackHubAlwaysSaveDiagnosticsLocally
  • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
  • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
  • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
  • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
  • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
  • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
  • TaskScheduler/EnableXboxGameSaveTask
  • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
  • Update/ConfigureFeatureUpdateUninstallPeriod
  • UserRights/AccessCredentialManagerAsTrustedCaller
  • UserRights/AccessFromNetwork
  • UserRights/ActAsPartOfTheOperatingSystem
  • UserRights/AllowLocalLogOn
  • UserRights/BackupFilesAndDirectories
  • UserRights/ChangeSystemTime
  • UserRights/CreateGlobalObjects
  • UserRights/CreatePageFile
  • UserRights/CreatePermanentSharedObjects
  • UserRights/CreateSymbolicLinks
  • UserRights/CreateToken
  • UserRights/DebugPrograms
  • UserRights/DenyAccessFromNetwork
  • UserRights/DenyLocalLogOn
  • UserRights/DenyRemoteDesktopServicesLogOn
  • UserRights/EnableDelegation
  • UserRights/GenerateSecurityAudits
  • UserRights/ImpersonateClient
  • UserRights/IncreaseSchedulingPriority
  • UserRights/LoadUnloadDeviceDrivers
  • UserRights/LockMemory
  • UserRights/ManageAuditingAndSecurityLog
  • UserRights/ManageVolume
  • UserRights/ModifyFirmwareEnvironment
  • UserRights/ModifyObjectLabel
  • UserRights/ProfileSingleProcess
  • UserRights/RemoteShutdown
  • UserRights/RestoreFilesAndDirectories
  • UserRights/TakeOwnership
  • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
  • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
  • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
  • WindowsDefenderSecurityCenter/HideSecureBoot
  • WindowsDefenderSecurityCenter/HideTPMTroubleshooting

    Added the following policies the were added in Windows 10, version 1709

  • DeviceLock/MinimumPasswordAge
  • Settings/AllowOnlineTips
  • System/DisableEnterpriseAuthProxy
  • Security/RequireDeviceEncryption - updated to show it is supported in desktop.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:
  • Browser/AllowConfigurationUpdateForBooksLibrary
  • Browser/AlwaysEnableBooksLibrary
  • Browser/EnableExtendedBooksTelemetry
  • Browser/UseSharedFolderForBooks
  • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
  • DeliveryOptimization/DODelayForegroundDownloadFromHttp
  • DeliveryOptimization/DOGroupIdSource
  • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
  • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
  • DeliveryOptimization/DORestrictPeerSelectionBy
  • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
  • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
  • KioskBrowser/BlockedUrlExceptions
  • KioskBrowser/BlockedUrls
  • KioskBrowser/DefaultURL
  • KioskBrowser/EnableHomeButton
  • KioskBrowser/EnableNavigationButtons
  • KioskBrowser/RestartOnIdleTime
  • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
  • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
  • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
  • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
  • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
  • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
  • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
  • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
  • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
  • RestrictedGroups/ConfigureGroupMembership
  • Search/AllowCortanaInAAD
  • Search/DoNotUseWebResults
  • Security/ConfigureWindowsPasswords
  • System/FeedbackHubAlwaysSaveDiagnosticsLocally
  • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
  • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
  • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
  • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
  • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
  • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
  • TaskScheduler/EnableXboxGameSaveTask
  • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
  • Update/ConfigureFeatureUpdateUninstallPeriod
  • UserRights/AccessCredentialManagerAsTrustedCaller
  • UserRights/AccessFromNetwork
  • UserRights/ActAsPartOfTheOperatingSystem
  • UserRights/AllowLocalLogOn
  • UserRights/BackupFilesAndDirectories
  • UserRights/ChangeSystemTime
  • UserRights/CreateGlobalObjects
  • UserRights/CreatePageFile
  • UserRights/CreatePermanentSharedObjects
  • UserRights/CreateSymbolicLinks
  • UserRights/CreateToken
  • UserRights/DebugPrograms
  • UserRights/DenyAccessFromNetwork
  • UserRights/DenyLocalLogOn
  • UserRights/DenyRemoteDesktopServicesLogOn
  • UserRights/EnableDelegation
  • UserRights/GenerateSecurityAudits
  • UserRights/ImpersonateClient
  • UserRights/IncreaseSchedulingPriority
  • UserRights/LoadUnloadDeviceDrivers
  • UserRights/LockMemory
  • UserRights/ManageAuditingAndSecurityLog
  • UserRights/ManageVolume
  • UserRights/ModifyFirmwareEnvironment
  • UserRights/ModifyObjectLabel
  • UserRights/ProfileSingleProcess
  • UserRights/RemoteShutdown
  • UserRights/RestoreFilesAndDirectories
  • UserRights/TakeOwnership
  • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
  • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
  • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
  • WindowsDefenderSecurityCenter/HideSecureBoot
  • WindowsDefenderSecurityCenter/HideTPMTroubleshooting

    Added the following policies the were added in Windows 10, version 1709
  • DeviceLock/MinimumPasswordAge
  • Settings/AllowOnlineTips
  • System/DisableEnterpriseAuthProxy

    Security/RequireDeviceEncryption - updated to show it is supported in desktop.| |[BitLocker CSP](bitlocker-csp.md)|Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.| |[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.| |[DMClient CSP](dmclient-csp.md)|Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:
  • AADSendDeviceToken
  • BlockInStatusPage
  • AllowCollectLogsButton
  • CustomErrorText
  • SkipDeviceStatusPage
  • SkipUserStatusPage| @@ -277,42 +277,37 @@ This article lists new and updated articles for the Mobile Device Management (MD |New or updated article|Description| |--- |--- | -|[Policy CSP](policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
  • Authentication/AllowFidoDeviceSignon
  • Cellular/LetAppsAccessCellularData
  • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
  • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
  • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
  • Start/HidePeopleBar
  • Storage/EnhancedStorageDevices
  • Update/ManagePreviewBuilds
  • WirelessDisplay/AllowMdnsAdvertisement
  • WirelessDisplay/AllowMdnsDiscovery

    Added missing policies from previous releases:

  • Connectivity/DisallowNetworkConnectivityActiveTest
  • Search/AllowWindowsIndexer| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following policies for Windows 10, version 1709:
  • Authentication/AllowFidoDeviceSignon
  • Cellular/LetAppsAccessCellularData
  • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
  • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
  • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
  • Start/HidePeopleBar
  • Storage/EnhancedStorageDevices
  • Update/ManagePreviewBuilds
  • WirelessDisplay/AllowMdnsAdvertisement
  • WirelessDisplay/AllowMdnsDiscovery

    Added missing policies from previous releases:
  • Connectivity/DisallowNetworkConnectivityActiveTest
  • Search/AllowWindowsIndexer| ## October 2017 -[Policy DDF file](policy-ddf-file.md): Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. - -[Policy CSP](policy-configuration-service-provider.md): Updated the following policies: - -- Defender/ControlledFolderAccessAllowedApplications - string separator is'|' -- Defender/ControlledFolderAccessProtectedFolders - string separator is '|'. - -[eUICCs CSP](euiccs-csp.md): Added new CSP in Windows 10, version 1709. - -[AssignedAccess CSP](assignedaccess-csp.md):Added SyncML examples for the new Configuration node. - -[DMClient CSP](dmclient-csp.md): Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. +| New or updated article | Description | +| --- | --- | +| [Policy DDF file](policy-ddf-file.md) | Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709. | +| [Policy CSP](policy-configuration-service-provider.md) | Updated the following policies:

    - Defender/ControlledFolderAccessAllowedApplications - string separator is `|`
    - Defender/ControlledFolderAccessProtectedFolders - string separator is `|` | +| [eUICCs CSP](euiccs-csp.md) | Added new CSP in Windows 10, version 1709. | +| [AssignedAccess CSP](assignedaccess-csp.md) | Added SyncML examples for the new Configuration node. | +| [DMClient CSP](dmclient-csp.md) | Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics. | ## September 2017 |New or updated article|Description| |--- |--- | -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
  • Authentication/AllowAadPasswordReset
  • Handwriting/PanelDefaultModeDocked
  • Search/AllowCloudSearch
  • System/LimitEnhancedDiagnosticDataWindowsAnalytics

    Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:

  • Authentication/AllowAadPasswordReset
  • Handwriting/PanelDefaultModeDocked
  • Search/AllowCloudSearch
  • System/LimitEnhancedDiagnosticDataWindowsAnalytics

    Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.| |[AssignedAccess CSP](assignedaccess-csp.md)|Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.| |Microsoft Store for Business and Microsoft Store|Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.| -|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:
  • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
  • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
  • DomainName - fully qualified domain name if the device is domain-joined.

    For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.| +|The [[MS-MDE2]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692)|The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:

  • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
  • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
  • DomainName - fully qualified domain name if the device is domain-joined.

    For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.| |[EnterpriseAPN CSP](enterpriseapn-csp.md)|Added a SyncML example.| |[VPNv2 CSP](vpnv2-csp.md)|Added RegisterDNS setting in Windows 10, version 1709.| |[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Added new topic to introduce a new Group Policy for automatic MDM enrollment.| -|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:
  • User sees installation progress of critical policies during MDM enrollment.
  • User knows what policies, profiles, apps MDM has configured
  • IT helpdesk can get detailed MDM diagnostic information using client tools

    For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)| +|[MDM enrollment of Windows-based devices](mdm-enrollment-of-windows-devices.md)|New features in the Settings app:

  • User sees installation progress of critical policies during MDM enrollment.
  • User knows what policies, profiles, apps MDM has configured
  • IT helpdesk can get detailed MDM diagnostic information using client tools

    For details, see [Managing connections](mdm-enrollment-of-windows-devices.md#manage-connections) and [Collecting diagnostic logs](mdm-enrollment-of-windows-devices.md#collecting-diagnostic-logs)| ## August 2017 |New or updated article|Description| |--- |--- | |[Enable ADMX-backed policies in MDM](enable-admx-backed-policies-in-mdm.md)|Added new step-by-step guide to enable ADMX-backed policies.| -|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:

    Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.| +|[Mobile device enrollment](mobile-device-enrollment.md)|Added the following statement:

    Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.| |[CM_CellularEntries CSP](cm-cellularentries-csp.md)|Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.| |[EnterpriseDataProtection CSP](enterprisedataprotection-csp.md)|Updated the Settings/EDPEnforcementLevel values to the following:

  • 0 (default) – Off / No protection (decrypts previously protected data).
  • 1 – Silent mode (encrypt and audit only).
  • 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
  • 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).| |[AppLocker CSP](applocker-csp.md)|Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in [Allow list examples](applocker-csp.md#allow-list-examples).| @@ -321,4 +316,4 @@ This article lists new and updated articles for the Mobile Device Management (MD |[BitLocker CSP](bitlocker-csp.md)|Added information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709.| |[Firewall CSP](firewall-csp.md)|Updated the CSP and DDF topics. Here are the changes:
  • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
  • Changed some data types from integer to bool.
  • Updated the list of supported operations for some settings.
  • Added default values.| |[Policy DDF file](policy-ddf-file.md)|Added another Policy DDF file [download](https://download.microsoft.com/download/6/1/C/61C022FD-6F5D-4F73-9047-17F630899DC4/PolicyDDF_all_version1607_8C.xml) for the 8C release of Windows 10, version 1607, which added the following policies:
  • Browser/AllowMicrosoftCompatibilityList
  • Update/DisableDualScan
  • Update/FillEmptyContentUrls| -|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
  • Browser/ProvisionFavorites
  • Browser/LockdownFavorites
  • ExploitGuard/ExploitProtectionSettings
  • Games/AllowAdvancedGamingServices
  • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
  • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
  • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
  • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
  • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
  • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
  • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
  • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
  • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
  • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
  • Privacy/EnableActivityFeed
  • Privacy/PublishUserActivities
  • Update/DisableDualScan
  • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork

    Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

    Changed the names of the following policies:

  • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
  • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
  • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess

    Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).

    There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:

  • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
  • Start/HideAppList| \ No newline at end of file +|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1709:
  • Browser/ProvisionFavorites
  • Browser/LockdownFavorites
  • ExploitGuard/ExploitProtectionSettings
  • Games/AllowAdvancedGamingServices
  • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
  • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
  • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
  • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
  • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
  • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
  • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
  • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
  • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
  • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
  • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
  • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
  • Privacy/EnableActivityFeed
  • Privacy/PublishUserActivities
  • Update/DisableDualScan
  • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork

    Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

    Changed the names of the following policies:
  • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
  • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
  • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess

    Added links to the additional [ADMX-backed BitLocker policies](policy-csp-bitlocker.md).

    There were issues reported with the previous release of the following policies. These issues were fixed in Windows 10, version 1709:
  • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
  • Start/HideAppList|