From 92c62623a397b1dde44897b15ac9d4b8b45e859d Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Thu, 15 Feb 2024 16:58:56 +0100 Subject: [PATCH] XSD reference material --- .../_lock-down-windows-10-to-specific-apps.md | 61 -- .../_lock-down-windows-11-to-specific-apps.md | 14 +- .../kiosk/assigned-access-examples.md | 372 +++++++ .../kiosk/assigned-access-xsd.md | 332 ++++++ .../create-assigned-access-configuration.md | 41 +- .../create-shell-launcher-configuration.md | 28 +- .../quickstart-restricted-experience-xml.md | 14 +- .../includes/quickstart-shell-launcher-xml.md | 4 +- .../configuration/kiosk/kiosk-mdm-bridge.md | 6 +- .../kiosk/kiosk-shelllauncher.md | 6 +- windows/configuration/kiosk/kiosk-xml.md | 952 ------------------ .../kiosk/quickstart-assigned-access-kiosk.md | 14 +- ...t-assigned-access-restricted-experience.md | 2 +- .../kiosk/quickstart-shell-launcher-kiosk.md | 6 +- windows/configuration/kiosk/reference.md | 226 +++++ .../configuration/kiosk/shell-launcher-xsd.md | 185 ++++ windows/configuration/kiosk/toc.yml | 12 +- 17 files changed, 1189 insertions(+), 1086 deletions(-) create mode 100644 windows/configuration/kiosk/assigned-access-examples.md create mode 100644 windows/configuration/kiosk/assigned-access-xsd.md delete mode 100644 windows/configuration/kiosk/kiosk-xml.md create mode 100644 windows/configuration/kiosk/reference.md create mode 100644 windows/configuration/kiosk/shell-launcher-xsd.md diff --git a/windows/configuration/kiosk/_lock-down-windows-10-to-specific-apps.md b/windows/configuration/kiosk/_lock-down-windows-10-to-specific-apps.md index f307940f45..02a9a77810 100644 --- a/windows/configuration/kiosk/_lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/kiosk/_lock-down-windows-10-to-specific-apps.md @@ -331,68 +331,7 @@ Group accounts are specified using ``. Nested groups aren't supported -#### [Preview] Global profile -Global profile is available in Windows 1. If you want everyone who signs into a specific device to be assigned as an access user, even if there's no dedicated profile for that user. Alternatively, perhaps Assigned Access couldn't identify a profile for the user and you want to have a fallback profile. Global profile is designed for these scenarios. - -Usage is demonstrated below, by using the new XML namespace and specifying `GlobalProfile` from that namespace. When you configure `GlobalProfile`, a non-admin account logs in, if this user doesn't have a designated profile in Assigned Access, or Assigned Access fails to determine a profile for current user, a global profile is applied for the user. - -> [!NOTE] -> 1. `GlobalProfile` can only be a multi-app profile. -> 1. Only one `GlobalProfile` can be used in one `AssignedAccess` configuration XML. -> 1. `GlobalProfile` can be used as the only config, or it can be used along with regular user or group config. - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - -``` ### Add XML file to provisioning package diff --git a/windows/configuration/kiosk/_lock-down-windows-11-to-specific-apps.md b/windows/configuration/kiosk/_lock-down-windows-11-to-specific-apps.md index bbd15aa3e2..5e81e2c9c4 100644 --- a/windows/configuration/kiosk/_lock-down-windows-11-to-specific-apps.md +++ b/windows/configuration/kiosk/_lock-down-windows-11-to-specific-apps.md @@ -43,13 +43,13 @@ You can start your file by pasting the following XML into an XML editor, and sav + xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> - + @@ -139,7 +139,7 @@ After you define the list of allowed applications, you can customize the Start l Add your pinnedList JSON into the StartPins tag in your XML file. ```xml - + - + ``` > [!NOTE] @@ -358,7 +358,7 @@ This section contains a predefined XML file which can be used as a quickstart to + xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> @@ -371,7 +371,7 @@ This section contains a predefined XML file which can be used as a quickstart to - + - + diff --git a/windows/configuration/kiosk/assigned-access-examples.md b/windows/configuration/kiosk/assigned-access-examples.md new file mode 100644 index 0000000000..d98e34a1c5 --- /dev/null +++ b/windows/configuration/kiosk/assigned-access-examples.md @@ -0,0 +1,372 @@ +--- +title: Assigned Access configuration XML examples +description: Practical examples of Assigned Access XML configuration files. +ms.topic: reference +ms.date: 02/15/2024 +--- + +# Assigned Access configuration XML examples + +This article provides practical examples of Assigned Access XML configuration files. + +For more details, review the Assigned Access XSD reference article. + +## Kiosk example 1 + +```xml + + + + + + + + + + + + ... + + + + + + + + domain\account + + + + AzureAD\john@contoso.onmicrosoft.com + + + + localaccount + + + + + + + + + + + + + + + + + + + + +``` + +## Kiosk only sample XML + +```xml + + + + + + + + + + singleappuser + + + + +``` + +## Auto Launch Sample XML + +This sample demonstrates that both UWP and Win32 apps can be configured to automatically launch, when assigned access account logs in. One profile can have at most one app configured for auto launch. AutoLaunchArguments are passed to the apps as is and the app needs to handle the arguments explicitly. + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + aauser1 + + + + aauser2 + + + + + +``` + +## Microsoft Edge Kiosk XML Sample + +```xml + + + + + + + + + + + + EdgeKioskUser + + + + +``` + +## Global Profile Sample XML + +Global Profile is supported on: + +- Windows 11 +- Windows 10, version 2004 and later + +Global Profile is designed for scenarios where a user doesn't have a designated profile, yet you still want the user to run in lockdown mode. It's also used as mitigation when a profile can't be determined for a user. + +This sample demonstrates that only a global profile is used, with no active user configured. Global Profile will be applied when every non-admin account signs in. + +```xml + + + + + + + + + + + + + + + + + + + +``` + +Below sample shows dedicated profile and global profile mixed usage, a user would use one profile, everyone else that's non-admin will use another profile. + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + aauser + + + + + +``` + +## Folder Access sample xml + +Starting with Windows 10 version 1809 +, folder access is locked down so that when common file dialog is opened, IT Admin can specify if the user has access to the Downloads folder, or no access to any folder at all. This restriction has been redesigned for finer granularity and easier use, and is available in Windows 10 version 2009+. + +IT Admin now can specify user access to Downloads folder, Removable drives, or no restrictions at all. Downloads and Removable Drives can be allowed at the same time. + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + multi1 + + + + multi2 + + + + multi3 + + + + multi4 + + + + multi5 + + + + multi6 + + + + + +``` + +To authorize a compatible configuration XML that includes elements and attributes from Windows 10 version 1809 or newer / Windows 11, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. + +For example, to configure the autolaunch feature that was added in Windows 10 version 1809 / Windows 11, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10 version 1809 / Windows 11, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. diff --git a/windows/configuration/kiosk/assigned-access-xsd.md b/windows/configuration/kiosk/assigned-access-xsd.md new file mode 100644 index 0000000000..060972f45f --- /dev/null +++ b/windows/configuration/kiosk/assigned-access-xsd.md @@ -0,0 +1,332 @@ +--- +title: Assigned Access XML Schema Definition (XSD) +description: Assigned Access XSD reference article. +ms.topic: reference +ms.date: 02/15/2024 +--- + +# Assigned Access XML Schema Definition (XSD) + +This reference article contains the latest Assigned Access XML schema definition (XSD) and the XSD additions for each version of Windows. + +## Windows 11 + +The following is the XSD for Assigned Access in Windows 11: + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +## Windows 10, version 1809 XSD additions + +The following is the XSD for Assigned Access features added in Windows 10, version 1809: + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +## Windows 10, version 1909 additions + +The following is the XSD for Assigned Access features added in Windows 10, version 1909: + +```xml + + + + + + + + + + + + + + + + + + + + + + +``` + +## Windows 10, version 21H2 additions + +The following is the XSD for Assigned Access features added in Windows 10, version 21H2: + +```xml + + + + + + + + + + + + +``` + +## Windows 11 additions + +The following is the XSD for Assigned Access features added in Windows 11: + +```xml + + + + + +``` diff --git a/windows/configuration/kiosk/create-assigned-access-configuration.md b/windows/configuration/kiosk/create-assigned-access-configuration.md index f1df64e09c..3cc343a485 100644 --- a/windows/configuration/kiosk/create-assigned-access-configuration.md +++ b/windows/configuration/kiosk/create-assigned-access-configuration.md @@ -26,10 +26,8 @@ You can start your file by pasting the following XML code into a text editor, an + xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> @@ -57,7 +55,6 @@ You can start your file by pasting the following XML code into a text editor, an @@ -212,7 +209,7 @@ After you define the list of allowed applications, you can customize the Start l Add your pinnedList JSON into the StartPins tag in your XML file. ```xml - + - + ``` > [!NOTE] @@ -260,10 +257,8 @@ The following example hides the taskbar: + xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> @@ -279,7 +274,7 @@ The following example hides the taskbar: - + - + @@ -331,8 +326,8 @@ The following example hides the taskbar: Either don't use the node or leave it empty ```xml - - + + ``` :::column-end::: :::row-end::: @@ -342,9 +337,9 @@ The following example hides the taskbar: :::column-end::: :::column span="3"::: ```xml - - - + + + ``` :::column-end::: :::row-end::: @@ -355,9 +350,9 @@ The following example hides the taskbar: :::column-end::: :::column span="3"::: ```xml - + - + ``` :::column-end::: :::row-end::: @@ -368,10 +363,10 @@ The following example hides the taskbar: :::column-end::: :::column span="3"::: ```xml - - + + - + ``` :::column-end::: :::row-end::: @@ -382,9 +377,9 @@ The following example hides the taskbar: :::column-end::: :::column span="3"::: ```xml - + - + ``` :::column-end::: :::row-end::: diff --git a/windows/configuration/kiosk/create-shell-launcher-configuration.md b/windows/configuration/kiosk/create-shell-launcher-configuration.md index 85e8160fc2..47cc813294 100644 --- a/windows/configuration/kiosk/create-shell-launcher-configuration.md +++ b/windows/configuration/kiosk/create-shell-launcher-configuration.md @@ -14,13 +14,13 @@ ms.topic: how-to +xmlns:rs5="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> - + @@ -55,8 +55,8 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> Either don't use the node or leave it empty ```xml - - + + ``` :::column-end::: :::row-end::: @@ -66,9 +66,9 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> :::column-end::: :::column span="3"::: ```xml - - - + + + ``` :::column-end::: :::row-end::: @@ -79,9 +79,9 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> :::column-end::: :::column span="3"::: ```xml - + - + ``` :::column-end::: :::row-end::: @@ -92,10 +92,10 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> :::column-end::: :::column span="3"::: ```xml - - + + - + ``` :::column-end::: :::row-end::: @@ -106,9 +106,9 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> :::column-end::: :::column span="3"::: ```xml - + - + ``` :::column-end::: :::row-end::: diff --git a/windows/configuration/kiosk/includes/quickstart-restricted-experience-xml.md b/windows/configuration/kiosk/includes/quickstart-restricted-experience-xml.md index 7138b355cb..78b7f2f152 100644 --- a/windows/configuration/kiosk/includes/quickstart-restricted-experience-xml.md +++ b/windows/configuration/kiosk/includes/quickstart-restricted-experience-xml.md @@ -8,12 +8,14 @@ ms.prod: windows-client ```xml - + xmlns:v4="http://schemas.microsoft.com/AssignedAccess/2021/config" + xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> @@ -32,7 +34,7 @@ ms.prod: windows-client - + - + diff --git a/windows/configuration/kiosk/includes/quickstart-shell-launcher-xml.md b/windows/configuration/kiosk/includes/quickstart-shell-launcher-xml.md index 77244e065f..b2325dd5f5 100644 --- a/windows/configuration/kiosk/includes/quickstart-shell-launcher-xml.md +++ b/windows/configuration/kiosk/includes/quickstart-shell-launcher-xml.md @@ -10,13 +10,13 @@ ms.prod: windows-client +xmlns:rs5="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> - + diff --git a/windows/configuration/kiosk/kiosk-mdm-bridge.md b/windows/configuration/kiosk/kiosk-mdm-bridge.md index 7725923709..7c67e96e8e 100644 --- a/windows/configuration/kiosk/kiosk-mdm-bridge.md +++ b/windows/configuration/kiosk/kiosk-mdm-bridge.md @@ -93,7 +93,7 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@" + xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"> @@ -106,7 +106,7 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@" - + - + diff --git a/windows/configuration/kiosk/kiosk-shelllauncher.md b/windows/configuration/kiosk/kiosk-shelllauncher.md index 644d7f9756..e2f36b998f 100644 --- a/windows/configuration/kiosk/kiosk-shelllauncher.md +++ b/windows/configuration/kiosk/kiosk-shelllauncher.md @@ -84,16 +84,16 @@ The following XML sample works for **Shell Launcher v1**: ``` -For **Shell Launcher v2**, you can use UWP app type for `Shell` by specifying the v2 namespace, and use `v2:AppType` to specify the type, as shown in the following example. If `v2:AppType` isn't specified, it implies the shell is Win32 app. +For **Shell Launcher v2**, you can use UWP app type for `Shell` by specifying the v2 namespace, and use `rs5:AppType` to specify the type, as shown in the following example. If `rs5:AppType` isn't specified, it implies the shell is Win32 app. ```xml +xmlns:rs5="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> - + diff --git a/windows/configuration/kiosk/kiosk-xml.md b/windows/configuration/kiosk/kiosk-xml.md deleted file mode 100644 index dc2c2a62b2..0000000000 --- a/windows/configuration/kiosk/kiosk-xml.md +++ /dev/null @@ -1,952 +0,0 @@ ---- -title: Assigned Access configuration kiosk XML reference -description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10/11. - -ms.topic: article -ms.date: 12/31/2017 ---- - -# Assigned Access configuration (kiosk) XML reference - -## Full XML sample - ->[!NOTE] ->Updated for Windows 10, version 1903, 1909, and 2004. - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - domain\account - - - - AzureAD\john@contoso.onmicrosoft.com - - - - localaccount - - - - - - - - - - - - - - - - - - - - -``` - -## Kiosk only sample XML - -```xml - - - - - - - - - - singleappuser - - - - -``` - -## Auto Launch Sample XML - -This sample demonstrates that both UWP and Win32 apps can be configured to automatically launch, when assigned access account logs in. One profile can have at most one app configured for auto launch. AutoLaunchArguments are passed to the apps as is and the app needs to handle the arguments explicitly. - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - aauser1 - - - - aauser2 - - - - - -``` - -## Microsoft Edge Kiosk XML Sample - -```xml - - - - - - - - - - - - EdgeKioskUser - - - - -``` - -## Global Profile Sample XML - -Global Profile is supported on: - -- Windows 11 -- Windows 10, version 2004 and later - -Global Profile is designed for scenarios where a user doesn't have a designated profile, yet you still want the user to run in lockdown mode. It's also used as mitigation when a profile can't be determined for a user. - -This sample demonstrates that only a global profile is used, with no active user configured. Global Profile will be applied when every non-admin account signs in. - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - -``` - -Below sample shows dedicated profile and global profile mixed usage, a user would use one profile, everyone else that's non-admin will use another profile. - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - aauser - - - - - -``` - -## Folder Access sample xml - -Starting with Windows 10 version 1809 +, folder access is locked down so that when common file dialog is opened, IT Admin can specify if the user has access to the Downloads folder, or no access to any folder at all. This restriction has been redesigned for finer granularity and easier use, and is available in Windows 10 version 2009+. - -IT Admin now can specify user access to Downloads folder, Removable drives, or no restrictions at all. Downloads and Removable Drives can be allowed at the same time. - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ]]> - - - - - - - multi1 - - - - multi2 - - - - multi3 - - - - multi4 - - - - multi5 - - - - multi6 - - - - - -``` - -## XSD for AssignedAccess configuration XML - -> [!NOTE] -> Updated for Windows 10, version 1903 and later. - -The following XML schema is for AssignedAccess Configuration up to Windows 10, version 1803 release: - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -The following XML is the schema for new features introduced in Windows 10 1809 release: - -```xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -``` - -The following XML is the schema for Windows 10 version 1909+: - -```xml - - - - - - - - - - - - - - - - - - -``` - -To authorize a compatible configuration XML that includes elements and attributes from Windows 10 version 1809 or newer / Windows 11, always include the namespace of these add-on schemas, and decorate the attributes and elements accordingly with the namespace alias. - -For example, to configure the autolaunch feature that was added in Windows 10 version 1809 / Windows 11, use the following sample. Notice an alias r1809 is given to the 201810 namespace for Windows 10 version 1809 / Windows 11, and the alias is tagged on AutoLaunch and AutoLaunchArguments inline. - -```xml - - - - - - -``` diff --git a/windows/configuration/kiosk/quickstart-assigned-access-kiosk.md b/windows/configuration/kiosk/quickstart-assigned-access-kiosk.md index e5786cd773..ec351b7e17 100644 --- a/windows/configuration/kiosk/quickstart-assigned-access-kiosk.md +++ b/windows/configuration/kiosk/quickstart-assigned-access-kiosk.md @@ -9,12 +9,6 @@ appliesto: # Quickstart: Configure a kiosk experience with Assigned Access -With a *restricted user experience*, you can control the applications allowed in a locked down Windows desktop. - -This quickstart provides practical examples of how to configure a restricted user experience on Windows 11. The examples describe the steps using a mobile device management solution (MDM) like Microsoft Intune, provisioning packages (PPKG), and PowerShell. While different solutions are used, the configuration settings and results are the same. - -The examples can be modified to fit your specific requirements. For example, you can add or remove applications from the list of allowed apps, or change the name of the user that automatically signs in to Windows. - ## Prerequisites >[!div class="checklist"] @@ -27,6 +21,12 @@ The examples can be modified to fit your specific requirements. For example, you ## Configure a restricted user experience +When using Settings: + +AppId: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe +Arguments: --no-first-run --kiosk https://maps.cltairport.com/ --kiosk-idle-timeout-minutes=5 --edge-kiosk-type=public-browsing + + [!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)] #### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune) @@ -40,7 +40,7 @@ The examples can be modified to fit your specific requirements. For example, you POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations Content-Type: application/json -{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } ] } +{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } ] } ``` [!INCLUDE [intune-custom-settings-2](../../../includes/configure/intune-custom-settings-2.md)] diff --git a/windows/configuration/kiosk/quickstart-assigned-access-restricted-experience.md b/windows/configuration/kiosk/quickstart-assigned-access-restricted-experience.md index 7e5c3c4d9b..4a573c9090 100644 --- a/windows/configuration/kiosk/quickstart-assigned-access-restricted-experience.md +++ b/windows/configuration/kiosk/quickstart-assigned-access-restricted-experience.md @@ -40,7 +40,7 @@ The examples can be modified to fit your specific requirements. For example, you POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations Content-Type: application/json -{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } ] } +{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example", "description": "Collection of settings for Assigned Access", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "AssignedAccess_Configuration", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/Configuration", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } ] } ``` [!INCLUDE [intune-custom-settings-2](../../../includes/configure/intune-custom-settings-2.md)] diff --git a/windows/configuration/kiosk/quickstart-shell-launcher-kiosk.md b/windows/configuration/kiosk/quickstart-shell-launcher-kiosk.md index d125be6138..ce92d39f96 100644 --- a/windows/configuration/kiosk/quickstart-shell-launcher-kiosk.md +++ b/windows/configuration/kiosk/quickstart-shell-launcher-kiosk.md @@ -35,7 +35,7 @@ This quickstart provides the information to configure a kiosk experience with Sh POST https://graph.microsoft.com/beta/deviceManagement/deviceConfigurations Content-Type: application/json -{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example_Kiosk - Shell Launcher", "description": "This is a sample policy created from an article on learn.microsoft.com.", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "ShellLauncher", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/ShellLauncher", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } ], } +{ "id": "00-0000-0000-0000-000000000000", "displayName": "_MSLearn_Example_Kiosk - Shell Launcher", "description": "This is a sample policy created from an article on learn.microsoft.com.", "roleScopeTagIds": [ "0" ], "@odata.type": "#microsoft.graph.windows10CustomConfiguration", "omaSettings": [ { "@odata.type": "#microsoft.graph.omaSettingString", "displayName": "ShellLauncher", "description": null, "omaUri": "./Vendor/MSFT/AssignedAccess/ShellLauncher", "secretReferenceValueId": null, "isEncrypted": true, "value": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" } ], } ``` [!INCLUDE [intune-custom-settings-2](../../../includes/configure/intune-custom-settings-2.md)] @@ -56,13 +56,13 @@ $shellLauncherConfiguration = @" +xmlns:rs5="http://schemas.microsoft.com/ShellLauncher/2019/Configuration"> - + diff --git a/windows/configuration/kiosk/reference.md b/windows/configuration/kiosk/reference.md new file mode 100644 index 0000000000..9eb0e9327c --- /dev/null +++ b/windows/configuration/kiosk/reference.md @@ -0,0 +1,226 @@ +--- +title: Assigned Access reference +description: Learn how to configure Shell Launcher to change the default Windows shell when a user signs in to a device. +ms.topic: reference +ms.date: 12/31/2017 +--- + +# Assigned Access reference + +## XML namespaces + +| Namespace alias | Namespace | +|-|-| +|default|`http://schemas.microsoft.com/AssignedAccess/2017/config`| +|rs5|`http://schemas.microsoft.com/AssignedAccess/201810/config`| +|V2|`http://schemas.microsoft.com/ShellLauncher/2019/Configuration`| +|v3|`http://schemas.microsoft.com/AssignedAccess/2020/config`| +|v4 >> Windows 10 21H2|`http://schemas.microsoft.com/AssignedAccess/2021/config`| +|v5 >> Windows 11 22H2|`http://schemas.microsoft.com/AssignedAccess/2022/config`| + +## default schema + +### Profile + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +#### AllAppList + +```xml + + + + + + + + + + + + + + +``` + +```xml + + + + + + + + + + + + + + + + + + + + + + +``` + +### StartLayout +### Taskbar +### + +### Property + +## rs5 schema + +```xml + + + + + + +``` + +### AutoLaunch (rs5) + +### AutoLaunchArguments (rs5) + +### DisplayName (rs5) + + + +### FileExplorerNamespaceRestrictions (rs5) + + +## v2 Schema + +```xml + + + + + + + + + + + + +``` + +### AppType (v2) + +### AllAppsFullScreen (v2) + + + +## v3 schema + +```xml + + + + + + + +``` + +### AllowRemovableDrives (v3) + +### NoRestriction (v3) + +### Globalprofile (v3) + +If you want everyone who signs into a specific device to be assigned as an access user, even if there's no dedicated profile for that user. Alternatively, perhaps Assigned Access couldn't identify a profile for the user and you want to have a fallback profile. Global profile is designed for these scenarios. + +Usage is demonstrated below, by using the new XML namespace and specifying `GlobalProfile` from that namespace. When you configure `GlobalProfile`, a non-admin account logs in, if this user doesn't have a designated profile in Assigned Access, or Assigned Access fails to determine a profile for current user, a global profile is applied for the user. + +> [!NOTE] +> 1. `GlobalProfile` can only be a multi-app profile. +> 1. Only one `GlobalProfile` can be used in one `AssignedAccess` configuration XML. +> 1. `GlobalProfile` can be used as the only config, or it can be used along with regular user or group config. + +```xml + + + + + ... + + + + + + +``` + +## v4 schema + +```xml + + + + + + + +``` + +### BreakoutSequence + +### ClassicApp +#### ClassicAppPath +#### ClassicAppArguments + +## v5 schema + +### Exclusions + +### StartPins +Type: string + +### TaskbarLayout +Type: string diff --git a/windows/configuration/kiosk/shell-launcher-xsd.md b/windows/configuration/kiosk/shell-launcher-xsd.md new file mode 100644 index 0000000000..0892c48872 --- /dev/null +++ b/windows/configuration/kiosk/shell-launcher-xsd.md @@ -0,0 +1,185 @@ +--- +title: Assigned Access XML Schema Definition (XSD) +description: Shell Launcher XSD reference article. +ms.topic: reference +ms.date: 02/15/2024 +--- + +# Shell Launcher XML Schema Definition (XSD) + +This reference article contains the XML schema definitions (XSD) for Shell Launcher and Shell Launcher v2. + +## Shell Launcher XSD + +```xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +## Shell Launcher v2 XSD + +```xml + + + + + + + + + + + + + + +``` \ No newline at end of file diff --git a/windows/configuration/kiosk/toc.yml b/windows/configuration/kiosk/toc.yml index 05f2fa4d0f..80bc2a08c3 100644 --- a/windows/configuration/kiosk/toc.yml +++ b/windows/configuration/kiosk/toc.yml @@ -13,6 +13,8 @@ items: items: - name: Prepare a device for kiosk configuration href: kiosk-prepare.md + - name: Guidelines for choosing an app for assigned access + href: guidelines-for-assigned-access-app.md - name: Deployment guides items: - name: Configure digital signs @@ -39,12 +41,14 @@ items: href: /troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting - name: Reference items: - - name: Guidelines for choosing an app for assigned access - href: guidelines-for-assigned-access-app.md + - name: Assigned Access XSD + href: assigned-access-xsd.md + - name: Shell Launcher XSD + href: shell-launcher-xsd.md - name: Policies enforced on kiosk devices href: kiosk-policies.md - - name: Assigned access XML reference - href: kiosk-xml.md + - name: Assigned access XML examples + href: assigned-access-examples.md - name: On the way to 🪦 items: - name: _lock-down-windows-10-to-specific-apps