diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index eed052ba71..aa0f6ee57d 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -58,6 +58,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s - [What is dmwappushsvc?](#what-is-dmwappushsvc) - **Change history in MDM documentation** + - [July 2020](#july-2020) - [June 2020](#june-2020) - [May 2020](#may-2020) - [February 2020](#february-2020) @@ -313,7 +314,11 @@ Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelNam
  • Privacy/DisablePrivacyExperience
  • Privacy/UploadUserActivities
  • Security/RecoveryEnvironmentAuthentication
    • +
  • System/AllowDesktopAnalyticsProcessing
  • System/AllowDeviceNameInDiagnosticData
    • +
  • System/AllowMicrosoftManagedDesktopProcessing
    • +
  • System/AllowUpdateComplianceProcessing
    • +
  • System/AllowWUfBCloudProcessing
  • System/ConfigureMicrosoft365UploadEndpoint
  • System/DisableDeviceDelete
  • System/DisableDiagnosticDataViewer
    • @@ -1993,6 +1998,11 @@ What data is handled by dmwappushsvc? | It is a component handling the internal How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. | ## Change history in MDM documentation +### July 2020 +|New or updated topic | Description| +|--- | ---| +|[Policy CSP - System](policy-csp-system.md)|Added the following new policy settings:
    - System/AllowDesktopAnalyticsProcessing
    - System/AllowMicrosoftManagedDesktopProcessing
    - System/AllowUpdateComplianceProcessing
    - System/AllowWUfBCloudProcessing

    Updated the following policy setting:
    - System/AllowCommercialDataPipeline
    | + ### June 2020 |New or updated topic | Description| |--- | ---| diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bd877c1e04..eb3f8eb24e 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -3379,6 +3379,9 @@ The following diagram shows the Policy configuration service provider in tree fo
    System/AllowCommercialDataPipeline
    +
    + System/AllowDesktopAnalyticsProcessing +
    System/AllowDeviceNameInDiagnosticData
    @@ -3394,15 +3397,24 @@ The following diagram shows the Policy configuration service provider in tree fo
    System/AllowLocation
    +
    + System/AllowMicrosoftManagedDesktopProcessing +
    System/AllowStorageCard
    System/AllowTelemetry +
    +
    + System/AllowUpdateComplianceProcessing
    System/AllowUserToResetPhone
    +
    + System/AllowWUfBCloudProcessing +
    System/BootStartDriverInitialization
    diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md index e79a5df26a..84be3c8c4d 100644 --- a/windows/client-management/mdm/policy-csp-system.md +++ b/windows/client-management/mdm/policy-csp-system.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 09/27/2019 +ms.date: 06/25/2020 ms.reviewer: manager: dansimp --- @@ -28,6 +28,9 @@ manager: dansimp
    System/AllowCommercialDataPipeline
    +
    + System/AllowDesktopAnalyticsProcessing +
    System/AllowDeviceNameInDiagnosticData
    @@ -43,15 +46,24 @@ manager: dansimp
    System/AllowLocation
    +
    + System/AllowMicrosoftManagedDesktopProcessing +
    System/AllowStorageCard
    System/AllowTelemetry
    +
    + System/AllowUpdateComplianceProcessing +
    System/AllowUserToResetPhone
    +
    + System/AllowWUfBCloudProcessing +
    System/BootStartDriverInitialization
    @@ -212,16 +224,14 @@ The following list shows the supported values: -> [!NOTE] -> This policy setting applies only to the Windows operating system and apps included with Windows, it does not apply to third-party apps or services running on Windows 10. +This policy setting controls whether Microsoft is a processor or controller for Windows diagnostic data collected from devices. -This policy setting opts the device into the Windows enterprise data pipeline. +If you enable this policy and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data. -If you enable this setting, data collected from the device is opted into the Windows enterprise data pipeline. +If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device. -If you disable or do not configure this setting, all data from the device is collected and processed in accordance with the policies for the Windows standard data pipeline. - -Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. +>[!Note] +> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device. @@ -250,6 +260,85 @@ The following list shows the supported values:
    + +**System/AllowDesktopAnalyticsProcessing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procheck mark
    Businesscheck mark
    Enterprisecheck mark
    Educationcheck mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Desktop Analytics service is configured to use Windows diagnostic data collected from devices. + +If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data. + +If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device. + +>[!Note] +> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device. + + + +ADMX Info: +- GP English name: *Allow Desktop Analytics Processing* +- GP name: *AllowDesktopAnalyticsProcessing* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + +The following list shows the supported values: + +- 0 (default) – Diagnostic data is not processed by Desktop Analytics. +- 2 – Diagnostic data is allowed to be processed by Desktop Analytics. + + + + + + + + + + +
    + **System/AllowDeviceNameInDiagnosticData** @@ -598,6 +687,70 @@ The following list shows the supported values: - 1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off. - 2 – Force Location On. All Location Privacy settings are toggled on and grayed out. Users cannot change the settings and all consent permissions will be automatically suppressed. + + +
    + + +**System/AllowMicrosoftManagedDesktopProcessing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procheck mark
    Businesscheck mark
    Enterprisecheck mark
    Educationcheck mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Microsoft Managed Desktop service is configured to use Windows diagnostic data collected from devices. + +If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data. + +If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device. + +> [!Note] +> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device. + + + +The following list shows the supported values: + +- 0 (default)– Diagnostic data is not processed by Microsoft Managed Desktop. +- 32 – Diagnostic data is processed by Microsoft Managed Desktop. + @@ -801,6 +954,78 @@ ADMX Info:
    + +**System/AllowUpdateComplianceProcessing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procheck mark
    Businesscheck mark
    Enterprisecheck mark
    Educationcheck mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Update Compliance service is configured to use Windows diagnostic data collected from devices. + +If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data. + +If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device. + +>[!Note] +> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) setting to limit the diagnostic data that can be collected from the device. + + + +ADMX Info: +- GP English name: *Enable Update Compliance Processing* +- GP name: *AllowUpdateComplianceProcessing* +- GP path: *Data Collection and Preview Builds* +- GP ADMX file name: *DataCollection.admx* + + + +The following list shows the supported values: + +- 0 (default)– Diagnostic data is not processed by Update Compliance. +- 16 – Diagnostic data is allowed to be processed by Update Compliance. + + + +
    + **System/AllowUserToResetPhone** @@ -861,6 +1086,70 @@ The following list shows the supported values:
    + +**System/AllowWUfBCloudProcessing** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procheck mark
    Businesscheck mark
    Enterprisecheck mark
    Educationcheck mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10, version 1809 through 1909. This policy setting controls whether the Windows Update for Business cloud service is configured to use Windows diagnostic data collected from devices. + +If you enable this policy setting and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data. + +If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device. + +>[!Note] +> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device. + + + + +The following list shows the supported values: +- 0 (default) – Diagnostic data is not processed by Windows Update for Business cloud. +- 8 – Diagnostic data is allowed to be processed by Windows Update for Business cloud. + + + + + **System/BootStartDriverInitialization** diff --git a/windows/client-management/mdm/policy-csps-admx-backed.md b/windows/client-management/mdm/policy-csps-admx-backed.md index f79f85154e..fed6d0138d 100644 --- a/windows/client-management/mdm/policy-csps-admx-backed.md +++ b/windows/client-management/mdm/policy-csps-admx-backed.md @@ -406,6 +406,8 @@ ms.date: 07/18/2019 - [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#remoteshell-specifyshelltimeout) - [ServiceControlManager/SvchostProcessMitigation](./policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation) - [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices) +- [System/AllowDesktopAnalyticsProcessing](./policy-csp-system.md#system-allowdesktopanalyticsprocessing) +- [System/AllowUpdateComplianceProcessing](./policy-csp-system.md#system-allowppdatecomplianceprocessing) - [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization) - [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore) - [WindowsConnectionManager/ProhitConnectionToNonDomainNetworksWhenConnectedToDomainAuthenticatedNetwork](./policy-csp-windowsconnectionmanager.md#windowsconnectionmanager-prohitconnectiontonondomainnetworkswhenconnectedtodomainauthenticatednetwork)