Merge branch 'master' into lsaldanha-5475844

2025-06-18 11:53:37 +00:00 · 2021-10-14 15:45:19 -07:00
parent f59712b5b5 cdd7b8489d
commit 9496caadc0
30 changed files with 353 additions and 144 deletions
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@ -5,8 +5,8 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 06/02/2021
+author: dansimp
+ms.date: 10/14/2021
 ms.reviewer:
 manager: dansimp
 ---
@ -214,7 +214,7 @@ Requirements:

   If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain.

-6. Wait for the SYSVOL DFSR replication to be completed and then restart the Domain Controller for the policy to be available.
+6. Wait for the SYSVOL DFSR replication to be completed for the policy to be available.

 This procedure will work for any future version as well.

--- a/windows/client-management/mdm/index.md
+++ b/windows/client-management/mdm/index.md
@ -1,6 +1,6 @@
 ---
 title: Mobile device management
-description: Windows 10 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
+description: Windows 10 and Windows 11 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy
 MS-HAID:
 - 'p\_phDeviceMgmt.provisioning\_and\_device\_management'
 - 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm'
@ -15,9 +15,9 @@ author: dansimp
 # Mobile device management


-Windows 10 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users’ privacy on their personal devices. A built-in management component can communicate with the management server.
+Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users’ privacy on their personal devices. A built-in management component can communicate with the management server.

-There are two parts to the Windows 10 management component:
+There are two parts to the Windows management component:

 -   The enrollment client, which enrolls and configures the device to communicate with the enterprise management server.
 -   The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT.
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@ -9,7 +9,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 10/08/2020
+ms.date: 10/11/2021
 ---

 # Policies in Policy CSP supported by HoloLens 2
@ -51,6 +51,7 @@ ms.date: 10/08/2020
 - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
 - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) <sup>9</sup>
+- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) <sup>10</sup>
 - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) <sup>9</sup>
 - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) <sup>9</sup>
 - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) <sup>9</sup>
@ -101,7 +102,13 @@ ms.date: 10/08/2020
 - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) <sup>9</sup>
 - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
 - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
+- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) <sup>10</sup>
+- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) <sup>10</sup>
 - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
+- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) <sup>10</sup>
+- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) <sup>10</sup>
+- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) <sup>10</sup>
+- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) <sup>10</sup>
 - [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays)
 - [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays)
 - [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds)
@ -109,7 +116,10 @@ ms.date: 10/08/2020
 - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
 - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
 - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
+- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) <sup>10</sup>
+- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) <sup>10</sup>
 - [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
+- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) <sup>10</sup>
 - [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
 - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
 - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup>
@ -125,6 +135,7 @@ Footnotes:
 - 7 - Available in Windows 10, version 1909.
 - 8 - Available in Windows 10, version 2004.
 - 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2)
+- 10 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)

 ## Related topics

--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 10/06/2020
+ms.date: 10/12/2021
 ms.reviewer: 
 manager: dansimp
 ---
@ -23,6 +23,9 @@ manager: dansimp
  <dd>
    <a href="#mixedreality-aadgroupmembershipcachevalidityindays">MixedReality/AADGroupMembershipCacheValidityInDays</a>
  </dd>
+  <dd>
+    <a href="#mixedreality-autologonuser">MixedReality/AutoLogonUser</a>
+  </dd>
  <dd>
    <a href="#mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
  </dd>
@ -50,28 +53,28 @@ manager: dansimp
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>✔️</td>
 </tr>
 </table>

 Steps to use this policy correctly:

 1. Create a device configuration profile for kiosk targeting Azure AD groups and assign it to HoloLens device(s).
-1. Create a custom OMA URI-based device configuration that sets this policy value to desired number of days (> 0) and assign it to HoloLens device(s).
+1. Create a custom OMA URI-based device configuration that sets this policy value to chosen number of days (> 0) and assign it to HoloLens devices.
    1. The URI value should be entered in OMA-URI text box as ./Vendor/MSFT/Policy/Config/MixedReality/AADGroupMembershipCacheValidityInDays
    1. The value can be between min / max allowed.
 1. Enroll HoloLens devices and verify both configurations get applied to the device.
 1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
 1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days.
-1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point here is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.
+1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.

 > [!NOTE]
 > Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.
@ -79,6 +82,50 @@ Steps to use this policy correctly:
 <!--/SupportedSKUs-->
 <hr/>

+<!--Policy-->
+<a href="" id="mixedreality-autologonuser"></a>**MixedReality/AutoLogonUser**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td>❌</td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td>❌</td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td>✔️</td>
+</tr>
+</table>
+
+<!--/Description-->
+This new AutoLogonUser policy controls whether a user will be automatically logged on. Some customers want to set up devices that are tied to an identity but don't want any sign in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly  distribute HoloLens devices and enable their end users to speed up login.
+
+When the policy is set to a non-empty value, it specifies the email address of the auto log on user. The specified user must logon to the device at least once to enable autologon.
+
+The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser`
+
+<!--SupportedValues-->
+String value
+- User with the same email address will have autologon enabled.
+
+On a device where this policy is configured, the user specified in the policy will need to log on at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single autologon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To log on as a different user, the policy must first be disabled.
+
+> [!NOTE]
+>
+> - Some events such as major OS updates may require the specified user to logon to the device again to resume auto-logon behavior.
+> - Auto-logon is only supported for MSA and AAD users.
+
+<!--/SupportedSKUs-->
+<hr/>
+
 <!--Scope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):

@ -114,15 +161,15 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>✔️</td>
 </tr>
 </table>

@ -167,15 +214,15 @@ The following list shows the supported values:
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>✔️</td>
 </tr>
 </table>

@ -221,15 +268,15 @@ The following list shows the supported values:
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>✔️</td>
 </tr>
 </table>

@ -274,15 +321,15 @@ The following list shows the supported values:
 </tr>
 <tr>
    <td>HoloLens (1st gen) Development Edition</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens (1st gen) Commercial Suite</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+    <td>❌</td>
 </tr>
 <tr>
    <td>HoloLens 2</td>
-    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+    <td>✔️</td>
 </tr>
 </table>

@ -317,4 +364,3 @@ The following list shows the supported values:
 <hr/>

 <!--/Policies-->
-
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@ -5,8 +5,8 @@ ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
-author: manikadhiman
-ms.date: 07/07/2020
+author: dansimp
+ms.date: 10/11/2021
 ms.reviewer: 
 manager: dansimp
 ---
@ -50,8 +50,8 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 The following list shows the supported values:
 - 0 - Disable Microsoft Defender Application Guard
 - 1 - Enable Microsoft Defender Application Guard for Microsoft Edge ONLY
- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY
- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments
+- 2 - Enable Microsoft Defender Application Guard for isolated Windows environments ONLY (added in Windows 10, version 2004)
+- 3 - Enable Microsoft Defender Application Guard for Microsoft Edge AND isolated Windows environments (added in Windows 10, version 2004)

 <a href="" id="clipboardfiletype"></a>**Settings/ClipboardFileType**  
 Determines the type of content that can be copied from the host to Application Guard environment and vice versa. 
@ -279,7 +279,7 @@ Value type is integer. Supported operation is Get.
 - Bit 6 - Set to 1 when system reboot is required.

 <a href="" id="platformstatus"></a>**PlatformStatus**  
-Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. 
+Added in Windows 10, version 2004. Returns bitmask that indicates status of Application Guard platform installation and prerequisites on the device. 

 Value type is integer. Supported operation is Get.