From a0b726daf0c03797d10980a0d1defa849ac055bb Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 3 May 2019 23:38:14 -0700 Subject: [PATCH 01/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 155 ++++++------------ 1 file changed, 53 insertions(+), 102 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 923bfedcb3..1616b648c6 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -48,55 +48,6 @@ Note that **Get Help** and **Give us Feedback** links no longer work after the W We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. -## What's new in Windows 10, version 1809 Enterprise edition - -Here's a list of changes that were made to this article for Windows 10, version 1809: - -- Added a policy to disable Windows Defender SmartScreen - -## What's new in Windows 10, version 1803 Enterprise edition - -Here's a list of changes that were made to this article for Windows 10, version 1803: - -- Added a policy to turn off notifications network usage -- Added a policy for Microsoft Edge to turn off configuration updates for the Books Library -- Added a policy for Microsoft Edge to turn off Address Bar drop-down list suggestions - -## What's new in Windows 10, version 1709 Enterprise edition - -Here's a list of changes that were made to this article for Windows 10, version 1709: - -- Added the Phone calls section -- Added the Storage Health section -- Added discussion of apps for websites in the Microsoft Store section - -## What's new in Windows 10, version 1703 Enterprise edition - -Here's a list of changes that were made to this article for Windows 10, version 1703: - -- Added an MDM policy for Font streaming -- Added an MDM policy for Network Connection Status Indicator -- Added an MDM policy for the Micosoft Account Sign-In Assistant -- Added instructions for removing the Sticky Notes app -- Added registry paths for some Group Policies -- Added the Find My Device section -- Added the Tasks section -- Added the App Diagnostics section - -- Added the following Group Policies: - - - Prevent managing SmartScreen Filter - - Turn off Compatibility View - - Turn off Automatic Download and Install of updates - - Do not connect to any Windows Update locations - - Turn off access to all Windows Update features - - Specify Intranet Microsoft update service location - - Enable Windows NTP client - - Turn off Automatic download of the ActiveX VersionList - - Allow Automatic Update of Speech Data - - Accounts: Block Microsoft Accounts - - Do not use diagnostic data for tailored experiences - ## Management options for each setting The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure diagnostic data at the Security level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all of these connections. @@ -108,59 +59,59 @@ The following table lists management options for each setting, beginning with Wi >[!NOTE] >For some settings, MDM policies only partly cover capabilities available through Group Policy. See each setting’s section for more details. -| Setting | UI | Group Policy | MDM policy | Registry | Command line | -| - | :-: | :-: | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [9. License Manager](#bkmk-licmgr) | | | | ![Check mark](images/checkmark.png) | | -| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) | -| [18. Settings > Privacy](#bkmk-settingssection) | | | | | | -|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| ![Check mark](images/checkmark.png) | | -|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | -|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | | | -| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | | -| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +| Setting | UI | Group Policy | MDM policy | Registry | +| - | :-: | :-: | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [9. License Manager](#bkmk-licmgr) | | | | ![Check mark](images/checkmark.png) | +| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | | +| [18. Settings > Privacy](#bkmk-settingssection) | | | | | +|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| ![Check mark](images/checkmark.png) | +|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | | +| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | +| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ### Settings for Windows Server 2016 with Desktop Experience From 903400c4d1b9e698b50eeb5aff849015b3e4569c Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 3 May 2019 23:55:14 -0700 Subject: [PATCH 02/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 178 +++++++++--------- 1 file changed, 89 insertions(+), 89 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 1616b648c6..99e29bee27 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -118,110 +118,110 @@ The following table lists management options for each setting, beginning with Wi See the following table for a summary of the management settings for Windows Server 2016 with Desktop Experience. -| Setting | UI | Group Policy | Registry | Command line | -| - | :-: | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | | -| [18. Settings > Privacy](#bkmk-settingssection) | | | | | -|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [20. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | | -| [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| Setting | UI | Group Policy | Registry | +| - | :-: | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | +| [18. Settings > Privacy](#bkmk-settingssection) | | | | +|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [20. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | +| [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2016 Server Core See the following table for a summary of the management settings for Windows Server 2016 Server Core. -| Setting | Group Policy | Registry | Command line | -| - | :-: | :-: | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [6. Font streaming](#font-streaming) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | ![Check mark](images/checkmark.png) | | | -| [19. Software Protection Platform](#bkmk-spp) | ![Check mark](images/checkmark.png) | | | -| [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [24. Windows Defender](#bkmk-defender) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| Setting | Group Policy | Registry | +| - | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [6. Font streaming](#font-streaming) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [14. Network Connection Status Indicator](#bkmk-ncsi) | ![Check mark](images/checkmark.png) | | +| [19. Software Protection Platform](#bkmk-spp) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) | | +| [24. Windows Defender](#bkmk-defender) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2016 Nano Server See the following table for a summary of the management settings for Windows Server 2016 Nano Server. -| Setting | Registry | Command line | -| - | :-: | :-: | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | | -| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | | +| Setting | Registry | +| - | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | | +| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2019 See the following table for a summary of the management settings for Windows Server 2019. -| Setting | UI | Group Policy | MDM policy | Registry | Command line | -| - | :-: | :-: | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) | -| [18. Settings > Privacy](#bkmk-settingssection) | | | | | | -|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| ![Check mark](images/checkmark.png) | | -|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | -|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.21 Inking & Typing](#bkmk-priv-ink) | | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | | | -| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | -|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | | -| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +| Setting | UI | Group Policy | MDM policy | Registry | +| - | :-: | :-: | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | | +| [18. Settings > Privacy](#bkmk-settingssection) | | | | | +|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| ![Check mark](images/checkmark.png) | +|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.21 Inking & Typing](#bkmk-priv-ink) | | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | | +| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | +| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ## How to configure each setting From ccf0f2ea9ab2b074c63d6860648d7a374edf96f4 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 3 May 2019 23:58:37 -0700 Subject: [PATCH 03/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 99e29bee27..a3902d9ea0 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -160,7 +160,7 @@ See the following table for a summary of the management settings for Windows Ser See the following table for a summary of the management settings for Windows Server 2016 Nano Server. | Setting | Registry | -| - | :-: | :-: | +| - | :-: | | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | | [22. Teredo](#bkmk-teredo) | | From bc561e1fe8930093b0ceeca03ca548c70f65e3ff Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Sat, 4 May 2019 00:07:13 -0700 Subject: [PATCH 04/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 100 +++++++++--------- 1 file changed, 50 insertions(+), 50 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index a3902d9ea0..53d253142c 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -59,59 +59,59 @@ The following table lists management options for each setting, beginning with Wi >[!NOTE] >For some settings, MDM policies only partly cover capabilities available through Group Policy. See each setting’s section for more details. -| Setting | UI | Group Policy | MDM policy | Registry | -| - | :-: | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [9. License Manager](#bkmk-licmgr) | | | | ![Check mark](images/checkmark.png) | -| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | | -| [18. Settings > Privacy](#bkmk-settingssection) | | | | | -|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| ![Check mark](images/checkmark.png) | -|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| Setting | UI | Group Policy | Registry | +| - | :-: | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [9. License Manager](#bkmk-licmgr) | | | ![Check mark](images/checkmark.png) | +| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | +| [18. Settings > Privacy](#bkmk-settingssection) | | | | +|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| +|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | | -| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | -| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ### Settings for Windows Server 2016 with Desktop Experience From 79db69e04c022b5e2529c3914165a208813953be Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Sat, 4 May 2019 00:19:24 -0700 Subject: [PATCH 05/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 102 +++++++++--------- 1 file changed, 51 insertions(+), 51 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 53d253142c..1b00182dc9 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -170,58 +170,58 @@ See the following table for a summary of the management settings for Windows Ser See the following table for a summary of the management settings for Windows Server 2019. -| Setting | UI | Group Policy | MDM policy | Registry | -| - | :-: | :-: | :-: | :-: | -| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| Setting | UI | Group Policy | Registry | +| - | :-: | :-: | :-: | +| [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | | -| [18. Settings > Privacy](#bkmk-settingssection) | | | | | -|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| ![Check mark](images/checkmark.png) | -|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | -|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.21 Inking & Typing](#bkmk-priv-ink) | | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | | -| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | -|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | -| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [6. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [7. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [8. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [11. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [13. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [15. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [17. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | +| [18. Settings > Privacy](#bkmk-settingssection) | | | | +|     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png)| +|     [18.6 Speech](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.13 Phone calls](#bkmk-priv-phone-calls) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +|     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.21 Inking & Typing](#bkmk-priv-ink) | | | ![Check mark](images/checkmark.png) | +| [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | +| [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | | +| [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ## How to configure each setting From 9d88227d5998fa30f911f3dfeda3a962f8291f1b Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Sat, 4 May 2019 00:21:54 -0700 Subject: [PATCH 06/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 1b00182dc9..77904998e6 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -109,7 +109,7 @@ The following table lists management options for each setting, beginning with Wi |     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | +|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | | [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | @@ -219,7 +219,7 @@ See the following table for a summary of the management settings for Windows Ser |     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | | +|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | | | [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | From 974f967c4580d243267ca923492f1361725dd740 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Sat, 4 May 2019 00:25:48 -0700 Subject: [PATCH 07/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 77904998e6..53e0bf5f70 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -137,7 +137,7 @@ See the following table for a summary of the management settings for Windows Ser | [20. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [27.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | +|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | | [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2016 Server Core @@ -221,7 +221,7 @@ See the following table for a summary of the management settings for Windows Ser | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [26.1 Apps for websites](#bkmk-apps-for-websites) | | | | [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ## How to configure each setting From bcd69a998272ade26e8d20e1447c40171e9f0803 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Sat, 4 May 2019 00:27:24 -0700 Subject: [PATCH 08/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 53e0bf5f70..37c46d6aaf 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -446,7 +446,7 @@ To turn off Insider Preview builds for Windows 10: ### 8. Internet Explorer > [!NOTE] -> The following Group Policies and Registry Keys are for user interactive scenarios rather then the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: +> The following Group Policies and Registry Keys are for user interactive scenarios rather then the typical idle traffic scenario. Find the Internet Explorer Group Policy objects under **Computer Configuration > Administrative Templates > Windows Components > Internet Explorer** and make these settings: | Policy | Description | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| From 81600f747eb272afa1dcc50a2e1e77e9ae1def95 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Sat, 4 May 2019 00:41:15 -0700 Subject: [PATCH 09/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 290 +----------------- 1 file changed, 1 insertion(+), 289 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 37c46d6aaf..72bb0cefbe 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -325,14 +325,6 @@ You can also apply the Group Policies using the following registry keys: If your organization tests network traffic, do not use a network proxy as Windows Firewall does not block proxy traffic. Instead, use a network traffic analyzer. Based on your needs, there are many network traffic analyzers available at no cost. -### 2.2 Cortana and Search MDM policies - -For Windows 10 only, the following Cortana MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). - -| Policy | Description | -|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Experience/AllowCortana | Choose whether to let Cortana install and run on the device. | -| Search/AllowSearchToUseLocation | Choose whether Cortana and Search can provide location-aware search results.
Default: Allowed| ### 3. Date & Time @@ -363,9 +355,6 @@ To prevent Windows from retrieving device metadata from the Internet: - Create a new REG_DWORD registry setting named **PreventDeviceMetadataFromNetwork** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Device Metadata** and set it to 1 (one). - -or - - -- Apply the DeviceInstallation/PreventDeviceMetadataFromNetwork MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork). ### 5. Find My Device @@ -393,13 +382,6 @@ If you're running Windows 10, version 1607, Windows Server 2016, or later: - Create a new REG_DWORD registry setting **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\System\\EnableFontProviders** to **0 (zero)**. - -or- - -- In Windows 10, version 1703, you can apply the System/AllowFontProviders MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where: - - - **False**. Font streaming is Disabled. - - - **True**. Font streaming is Enabled. > [!NOTE] > After you apply this policy, you must restart the device for it to take effect. @@ -433,15 +415,6 @@ To turn off Insider Preview builds for Windows 10: - Create a new REG_DWORD registry setting named **AllowBuildPreview** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\PreviewBuilds** with a **value of 0 (zero)** - -or- - -- Apply the System/AllowBuildPreview MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where: - - - **0**. Users cannot make their devices available for downloading and installing preview software. - - - **1**. Users can make their devices available for downloading and installing preview software. - - - **2**. (default) Not configured. Users can make their devices available for download and installing preview software. ### 8. Internet Explorer @@ -562,9 +535,6 @@ To turn off mail synchronization for Microsoft Accounts that are configured on a - Remove any Microsoft Accounts from the Mail app. - -or- - -- Apply the Accounts/AllowMicrosoftAccountConnection MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is not allowed and 1 is allowed. This does not apply to Microsoft Accounts that have already been configured on the device. To turn off the Windows Mail app: @@ -583,8 +553,6 @@ To prevent communication to the Microsoft Account cloud authentication service. To disable the Microsoft Account Sign-In Assistant: -- Apply the Accounts/AllowMicrosoftAccountSignInAssistant MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is turned off and 1 is turned on. - - Change the **Start** REG_DWORD registry setting in **HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to a value of **4**. @@ -627,21 +595,6 @@ Alternatively, you can configure the these Registry keys as described: | Choose whether employees can configure Compatibility View. | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\MicrosoftEdge\\BrowserEmulation
REG_DWORD: MSCompatibilityMode
Value: **0**| -### 13.2 Microsoft Edge MDM policies - -The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). - -| Policy | Description | -|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| -| Browser/AllowAutoFill | Choose whether employees can use autofill on websites.
**Set to: Not Allowed** | -| Browser/AllowDoNotTrack | Choose whether employees can send Do Not Track headers.
**Set to: Allowed** | -| Browser/AllowMicrosoftCompatbilityList | Specify the Microsoft compatibility list in Microsoft Edge.
**Set to: Not Allowed** | -| Browser/AllowPasswordManager | Choose whether employees can save passwords locally on their devices.
**Set to: Not Allowed** | -| Browser/AllowSearchSuggestionsinAddressBar | Choose whether the Address Bar shows search suggestions..
**Set to: Not Allowed** | -| Browser/AllowSmartScreen | Choose whether SmartScreen is turned on or off.
**Set to: Not Allowed** | -| Browser/FirstRunURL | Choose the home page for Microsoft Edge on Windows Mobile 10.
**Set to:** blank | - - For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies). ### 14. Network Connection Status Indicator @@ -654,7 +607,6 @@ You can turn off NCSI by doing one of the following: - **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Windows Network Connectivity Status Indicator active tests** -- In Windows 10, version 1703 and later, apply the Connectivity/DisallowNetworkConnectivityActiveTests MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) with a value of 1. > [!NOTE] > After you apply this policy, you must restart the device for the policy setting to take effect. @@ -673,10 +625,6 @@ You can turn off the ability to download and update offline maps. - Create a REG_DWORD registry setting named **AutoDownloadAndUpdateMapData** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\Maps** with a **value of 0 (zero)**. - -or- - -- In Windows 10, version 1607 and later, apply the Maps/EnableOfflineMapsAutoUpdate MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate) with a **value of 0**. - -and- - In Windows 10, version 1607 and later, **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off unsolicited network traffic on the Offline Maps settings page** @@ -703,10 +651,6 @@ To turn off OneDrive in your organization: - Create a REG_DWORD registry setting named **PreventNetworkTrafficPreUserSignIn** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\OneDrive** with a **value of 1 (one)** --or- - -- Set the System/DisableOneDriveFileSync MDM policy from the [Policy CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync) to True (value 1) to disable OneDrive File Sync. - ### 17. Preinstalled apps @@ -951,14 +895,6 @@ To turn off **Send Microsoft info about how I write to help us improve typing an - Turn off the feature in the UI. - -or- - -- Apply the TextInput/AllowLinguisticDataCollection MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where: - - - **0**. Not allowed - - - **1**. Allowed (default) - To turn off **Let websites provide locally relevant content by accessing my language list**: - Turn off the feature in the UI. @@ -999,18 +935,6 @@ To turn off **Location for this device**: - Create a REG_DWORD registry setting named **LetAppsAccessLocation** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. - -or- - -- Apply the System/AllowLocation MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: - - - **0**. Turned off and the employee can't turn it back on. - - - **1**. Turned on, but lets the employee choose whether to use it. (default) - - - **2**. Turned on and the employee can't turn it off. - - > [!NOTE] - > You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). To turn off **Location**: @@ -1053,17 +977,6 @@ To turn off **Let apps use my camera**: - Create a REG_DWORD registry setting named **LetAppsAccessCamera** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). - -or- - -- Apply the Camera/AllowCamera MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: - - - **0**. Apps can't use the camera. - - - **1**. Apps can use the camera. - - > [!NOTE] - > You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). - To turn off **Choose apps that can use your camera**: @@ -1085,14 +998,6 @@ To turn off **Let apps use my microphone**: -or- -- Apply the Privacy/LetAppsAccessMicrophone MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmicrophone), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessMicrophone** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) To turn off **Choose apps that can use your microphone**: @@ -1101,9 +1006,6 @@ To turn off **Choose apps that can use your microphone**: ### 18.5 Notifications ->[!IMPORTANT] ->Disabling notifications will also disable the ability to manage the device through MDM. If you are using an MDM solution, make sure cloud notifications are enabled through one of the options below. - To turn off notifications network usage: - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn off Notifications network usage** @@ -1114,13 +1016,6 @@ To turn off notifications network usage: - Create a REG_DWORD registry setting named **NoCloudApplicationNotification** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\CurrentVersion\\PushNotifications** with a value of 1 (one) - -or- - - -- Apply the Notifications/DisallowCloudNotification MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification), where: - - - **0**. WNS notifications allowed - - **1**. No WNS notifications allowed In the **Notifications** area, you can also choose which apps have access to notifications. @@ -1136,14 +1031,6 @@ To turn off **Let apps access my notifications**: -or- -- Apply the Privacy/LetAppsAccessNotifications MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessnotifications), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessNotifications** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two) ### 18.6 Speech @@ -1160,10 +1047,6 @@ To turn off streaming audio to Microsoft Speech services, -or- -- Set the Privacy\AllowInputPersonalization MDM Policy from the Policy CSP to **0 - Not allowed** - - -or- - - Create a REG_DWORD registry setting named **HasAccepted** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Speech_OneCore\\Settings\\OnlineSpeechPrivacy** with a **value of 0 (zero)** ### 18.7 Account info @@ -1182,14 +1065,6 @@ To turn off **Let apps access my name, picture, and other account info**: -or- -- Apply the Privacy/LetAppsAccessAccountInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessaccountinfo), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessAccountInfo** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). @@ -1214,14 +1089,6 @@ To turn off **Choose apps that can access contacts**: -or- -- Apply the Privacy/LetAppsAccessContacts MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscontacts), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessContacts** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 18.9 Calendar @@ -1240,14 +1107,6 @@ To turn off **Let apps access my calendar**: -or- -- Apply the Privacy/LetAppsAccessCalendar MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscalendar), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessCalendar** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). To turn off **Choose apps that can access calendar**: @@ -1270,14 +1129,6 @@ To turn off **Let apps access my call history**: -or- - - Apply the Privacy/LetAppsAccessCallHistory MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesscallhistory), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessCallHistory** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 18.11 Email @@ -1296,14 +1147,6 @@ To turn off **Let apps access and send email**: -or- - - Apply the Privacy/LetAppsAccessEmail MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessemail), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessEmail** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). ### 18.12 Messaging @@ -1322,14 +1165,6 @@ To turn off **Let apps read or send messages (text or MMS)**: -or- -- Apply the Privacy/LetAppsAccessMessaging MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmessaging), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessMessaging** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). To turn off **Choose apps that can read or send messages**: @@ -1362,14 +1197,6 @@ To turn off **Let apps make phone calls**: -or- -- Apply the Privacy/LetAppsAccessPhone MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessPhone** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). @@ -1393,14 +1220,6 @@ To turn off **Let apps control radios**: -or- -- Apply the Privacy/LetAppsAccessRadios MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessradios), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsAccessRadios** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a value of 2 (two). @@ -1422,10 +1241,6 @@ To turn off **Let apps automatically share and sync info with wireless devices t -or- -- Set the Privacy/LetAppsSyncWithDevices MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappssyncwithdevices) to **2**. Force deny - - -or- - - Create a REG_DWORD registry setting named **LetAppsSyncWithDevices** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**: @@ -1440,14 +1255,6 @@ To turn off **Let your apps use your trusted devices (hardware you've already co - Create a REG_DWORD registry setting named **LetAppsAccessTrustedDevices** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. - -or- - -- Apply the **Privacy/LetAppsAccessTrustedDevices** MDM policy from the [Policy CSP](/windows/client-management/mdm/policy-csp-privacy.md#privacy-letappsaccesstrusteddevices -), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny ### 18.16 Feedback & diagnostics @@ -1502,19 +1309,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic > [!NOTE] > If the **Security** option is configured by using Group Policy or the Registry, the value will not be reflected in the UI. The **Security** option is only available in Windows 10 Enterprise edition. - - -or- - -- Apply the System/AllowTelemetry MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: - - - **0**. Maps to the **Security** level. - - - **1**. Maps to the **Basic** level. - - - **2**. Maps to the **Enhanced** level. - - - **3**. Maps to the **Full** level. - + To turn off tailored experiences with relevant tips and recommendations by using your diagnostics data: @@ -1557,9 +1352,6 @@ To turn off **Let apps run in the background**: - Create a REG_DWORD registry setting named **LetAppsRunInBackground** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)** - -or- - -- Set the Privacy/LetAppsRunInBackground MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessruninbackground) to **2 Force Deny**. > [!NOTE] > Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background** to **Force Deny**. @@ -1580,14 +1372,6 @@ To turn off **Let Windows and your apps use your motion data and collect motion - Create a REG_DWORD registry setting named **LetAppsAccessMotion** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. - -or- - -- Apply the Privacy/LetAppsAccessMotion MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccessmotion), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny - ### 18.19 Tasks @@ -1605,13 +1389,6 @@ To turn this off: - Create a REG_DWORD registry setting named **LetAppsAccessTasks** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. - -or- - -- Apply the Privacy/LetAppsAccessTasks MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsaccesstasks), where: - - - **0**. User in control - - **1**. Force allow - - **2**. Force deny ### 18.20 App Diagnostics @@ -1629,10 +1406,6 @@ To turn this off: - Create a REG_DWORD registry setting named **LetAppsGetDiagnosticInfo** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 2 (two)**. - -or- - -- Set the Privacy/LetAppsGetDiagnosticInfo MDM policy from the [Policy CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/policy-configuration-service-provider#privacy-letappsgetdiagnosticinfo) to **2**. Force deny - ### 18.21 Inking & Typing @@ -1646,11 +1419,6 @@ To turn off Inking & Typing data collection (note: there is no Group Policy for - Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)** - -or- - - - Set the Privacy\AllowInputPersonalization MDM Policy from the Policy CSP. - [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) to **0** (not allowed). This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. - If you're running at least Windows 10, version 1703, you can turn off updates to the speech recognition and speech synthesis models: @@ -1660,10 +1428,6 @@ If you're running at least Windows 10, version 1703, you can turn off updates to - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** - -or- - - - Set the Speech/AllowSpeechModelUpdate MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Speech_AllowSpeechModelUpdate) to **0** - > [!NOTE] > Releases 1803 and earlier support **Speech, Inking, & Typing** as a combined settings area. For customizing those setting please follow the below instructions. For 1809 and above **Speech** and **Inking & Typing** are separate settings pages, please see the specific section (18.6 Speech or 18.21 Inking and Typing) above for those areas. @@ -1702,10 +1466,6 @@ In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better -or- - - Apply the Licensing/DisallowKMSClientOnlineAVSValidation MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) and **set the value to 1 (Enabled)**. - - -or- - - Create a REG_DWORD registry setting named **NoGenTicket** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\CurrentVersion\\Software Protection Platform** with a **value of 1 (one)**. **For Windows Server 2019 or later:** @@ -1749,11 +1509,6 @@ You can control if your settings are synchronized: - Create a REG_DWORD registry setting named **DisableSettingSync** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 2 (two) and another named **DisableSettingSyncUserOverride** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\SettingSync** with a value of 1 (one). - -or- - -- Apply the Experience/AllowSyncMySettings MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) and **set the value to 0 (not allowed)**. - - To turn off Messaging cloud sync: - Note: There is no Group Policy corresponding to this registry key. @@ -1812,10 +1567,6 @@ You can disconnect from the Microsoft Antimalware Protection Service. - Delete the registry setting **named** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Updates**. --OR- - -- For Windows 10 only, apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). - You can stop sending file samples back to Microsoft. @@ -1823,10 +1574,6 @@ You can stop sending file samples back to Microsoft. -or- -- For Windows 10 only, apply the Defender/SubmitSamplesConsent MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-defender) to **2 (two) for Never Send**. - - -or- - - Use the registry to set the REG_DWORD value **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Spynet\\SubmitSamplesConsent** to **2 (two) for Never Send**. @@ -1893,10 +1640,6 @@ To disable Windows Defender Smartscreen: - Create a SZ registry setting named **ConfigureAppInstallControl** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\SmartScreen** with a value of **Anywhere**. --OR- - -- Set the Browser/AllowSmartScreen MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) to **0 (turned Off)**. - ### 25. Windows Spotlight @@ -1911,10 +1654,6 @@ If you're running Windows 10, version 1607 or later, you need to: -or- -- For Windows 10 only, apply the Experience/AllowWindowsSpotlight MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-experience), with a value of 0 (zero). - - -or- - - Create a new REG_DWORD registry setting named **DisableWindowsSpotlightFeatures** in **HKEY_CURRENT_USER\\SOFTWARE\\Policies\\Microsoft\\Windows\\CloudContent** with a value of 1 (one). @@ -2056,18 +1795,6 @@ You can find the Delivery Optimization Group Policy objects under **Computer Con - Create a new REG_DWORD registry setting named **DODownloadMode** in **HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows\\DeliveryOptimization** to a value of **100 (one hundred)**. -### 27.4 Delivery Optimization MDM policies - -The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). - -| MDM Policy | Description | -|---------------------------|-----------------------------------------------------------------------------------------------------| -| DeliveryOptimization/DODownloadMode | Lets you choose where Delivery Optimization gets or sends updates and apps, including | -| DeliveryOptimization/DOGroupID | Lets you provide a Group ID that limits which PCs can share apps and updates.
**Note** This ID must be a GUID.| -| DeliveryOptimization/DOMaxCacheAge | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days).| -| DeliveryOptimization/DOMaxCacheSize | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20, which represents 20% of the disk.| -| DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth.| - For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684). @@ -2118,21 +1845,6 @@ You can turn off automatic updates by doing one of the following. This is not re - Add a REG_DWORD value named **AutoDownload** to **HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5. - -or- - -- For Windows 10 only, apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-update), where: - - - **0**. Notify the user before downloading the update. - - - **1**. Auto install the update and then notify the user to schedule a device restart. - - - **2** (default). Auto install and restart. - - - **3**. Auto install and restart at a specified time. - - - **4**. Auto install and restart without end-user control. - - - **5**. Turn off automatic updates. For China releases of Windows 10 there is one additional Regkey to be set to prevent traffic: From ba046cc060498140ddec69490a6c8a2020520465 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 11:57:29 -0700 Subject: [PATCH 10/90] Create windows-endpoints-1903-non-enterprise-editions.md --- ...-endpoints-1903-non-enterprise-editions.md | 271 ++++++++++++++++++ 1 file changed, 271 insertions(+) create mode 100644 windows/privacy/windows-endpoints-1903-non-enterprise-editions.md diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md new file mode 100644 index 0000000000..44fadd939e --- /dev/null +++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md @@ -0,0 +1,271 @@ +--- +title: Windows 10, version 1809, connection endpoints for non-Enterprise editions +description: Explains what Windows 10 endpoints are used in non-Enterprise editions. +keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.localizationpriority: high +audience: ITPro +author: danihalfin +ms.author: daniha +manager: dansimp +ms.collection: M365-security-compliance +ms.topic: article +ms.date: 6/26/2018 +--- +# Windows 10, version 1809, connection endpoints for non-Enterprise editions + + **Applies to** + +- Windows 10 Home, version 1809 +- Windows 10 Professional, version 1809 +- Windows 10 Education, version 1809 + +In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1809-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1809. + +We used the following methodology to derive these network endpoints: + +1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. +2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). +3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. +4. Compile reports on traffic going to public IP addresses. +5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here. + +> [!NOTE] +> Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. + +## Windows 10 Family + +| **Destination** | **Protocol** | **Description** | +| --- | --- | --- | +|\*.aria.microsoft.com*|HTTPS|Microsoft Office Telemetry +|\*.b.akamai*.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use +|\*.c-msedge.net|HTTP|Microsoft Office +|\*.dl.delivery.mp.microsoft.com*|HTTP|Enables connections to Windows Update +|\*.download.windowsupdate.com*|HTTP|Used to download operating system patches and updates +|\*.g.akamai*.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use +|\*.login.msa.*.net|HTTPS|Microsoft Account related +|\*.msn.com*|TLSv1.2/HTTPS|Windows Spotlight +|\*.skype.com|HTTP/HTTPS|Skype +|\*.smartscreen.microsoft.com*|HTTPS|Windows Defender Smartscreen +|\*.telecommand.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting +|*cdn.onenote.net*|HTTP|OneNote +|*displaycatalog.*mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store +|*emdl.ws.microsoft.com*|HTTP|Windows Update +|*geo-prod.do.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update +|*hwcdn.net*|HTTP|Highwinds Content Delivery Network / Windows updates +|*img-prod-cms-rt-microsoft-com*|HTTPS|Microsoft Store or Inbox MSN Apps image download +|*licensing.*mp.microsoft.com*|HTTPS|Licensing +|*maps.windows.com*|HTTPS|Related to Maps application +|*msedge.net*|HTTPS|Used by Microsoft OfficeHub to get the metadata of Microsoft Office apps +|*nexusrules.officeapps.live.com*|HTTPS|Microsoft Office Telemetry +|*photos.microsoft.com*|HTTPS|Photos App +|*prod.do.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Used for Windows Update downloads of apps and OS updates +|*purchase.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store +|*settings.data.microsoft.com.akadns.net|HTTPS|Used for Windows apps to dynamically update their configuration +|*wac.phicdn.net*|HTTP|Windows Update +|*windowsupdate.com*|HTTP|Windows Update +|*wns.*windows.com*|TLSv1.2/HTTPS|Used for the Windows Push Notification Services (WNS) +|*wpc.v0cdn.net*|HTTP|Windows Telemetry +|arc.msn.com|HTTPS|Spotlight +|auth.gfx.ms*|HTTPS|MSA related +|cdn.onenote.net|HTTPS|OneNote Live Tile +|dmd.metaservices.microsoft.com*|HTTP|Device Authentication +|e-0009.e-msedge.net|HTTPS|Microsoft Office +|e10198.b.akamaiedge.net|HTTPS|Maps application +|evoke-windowsservices-tas.msedge*|HTTPS|Photos app +|fe2.update.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store +|fe3.*.mp.microsoft.com.*|TLSv1.2/HTTPS|Windows Update, Microsoft Update, and Microsoft Store services +|g.live.com*|HTTPS|OneDrive +|go.microsoft.com|HTTP|Windows Defender +|iriscoremetadataprod.blob.core.windows.net|HTTPS|Windows Telemetry +|login.live.com|HTTPS|Device Authentication +|msagfx.live.com|HTTP|OneDrive +|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities +|officeclient.microsoft.com|HTTPS|Microsoft Office +|oneclient.sfx.ms*|HTTPS|Used by OneDrive for Business to download and verify app updates +|onecollector.cloudapp.aria.akadns.net|HTTPS|Microsoft Office +|ow1.res.office365.com|HTTP|Microsoft Office +|pti.store.microsoft.com|HTTPS|Microsoft Store +|purchase.mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store +|query.prod.cms.rt.microsoft.com*|HTTPS|Used to retrieve Windows Spotlight metadata +|ris.api.iris.microsoft.com*|TLSv1.2/HTTPS|Used to retrieve Windows Spotlight metadata +|ris-prod-atm.trafficmanager.net|HTTPS|Azure traffic manager +|s-0001.s-msedge.net|HTTPS|Microsoft Office +|self.events.data.microsoft.com|HTTPS|Microsoft Office +|settings.data.microsoft.com*|HTTPS|Used for Windows apps to dynamically update their configuration +|settings-win.data.microsoft.com*|HTTPS|Used for Windows apps to dynamically update their configuration +|share.microsoft.com|HTTPS|Microsoft Store +|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Microsoft Store +|sls.update.microsoft.com*|TLSv1.2/HTTPS|Enables connections to Windows Update +|slscr.update.microsoft.com*|HTTPS|Enables connections to Windows Update +|store*.dsx.mp.microsoft.com*|HTTPS|Used to communicate with Microsoft Store +|storecatalogrevocation.storequality.microsoft.com|HTTPS|Microsoft Store +|storecatalogrevocation.storequality.microsoft.com*|HTTPS|Used to revoke licenses for malicious apps on the Microsoft Store +|store-images.*microsoft.com*|HTTP|Used to get images that are used for Microsoft Store suggestions +|storesdk.dsx.mp.microsoft.com|HTTP|Microsoft Store +|tile-service.weather.microsoft.com*|HTTP|Used to download updates to the Weather app Live Tile +|time.windows.com|HTTP|Microsoft Windows Time related +|tsfe.trafficshaping.dsp.mp.microsoft.com*|TLSv1.2/HTTPS|Used for content regulation +|v10.events.data.microsoft.com|HTTPS|Diagnostic Data +|watson.telemetry.microsoft.com|HTTPS|Diagnostic Data +|wdcp.microsoft.*|TLSv1.2, HTTPS|Used for Windows Defender when Cloud-based Protection is enabled +|wd-prod-cp-us-west-1-fe.westus.cloudapp.azure.com|HTTPS|Windows Defender +|wusofficehome.msocdn.com|HTTPS|Microsoft Office +|www.bing.com*|HTTP|Used for updates for Cortana, apps, and Live Tiles +|www.msftconnecttest.com|HTTP|Network Connection (NCSI) +|www.office.com|HTTPS|Microsoft Office + + +## Windows 10 Pro + +| **Destination** | **Protocol** | **Description** | +| --- | --- | --- | +|\*.cloudapp.azure.com|HTTPS|Azure +|\*.delivery.dsp.mp.microsoft.com.nsatc.net|HTTPS|Windows Update, Microsoft Update, and Microsoft Store services +|\*.displaycatalog.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store +|\*.dl.delivery.mp.microsoft.com*|HTTP|Enables connections to Windows Update +|\*.e-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps +|\*.g.akamaiedge.net|HTTPS|Used to check for updates to maps that have been downloaded for offline use +|\*.s-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps +|\*.windowsupdate.com*|HTTP|Enables connections to Windows Update +|\*.wns.notify.windows.com.akadns.net|HTTPS|Used for the Windows Push Notification Services (WNS) +|\*dsp.mp.microsoft.com.nsatc.net|HTTPS|Enables connections to Windows Update +|\*c-msedge.net|HTTP|Office +|a1158.g.akamai.net|HTTP|Maps application +|arc.msn.com*|HTTP / HTTPS|Used to retrieve Windows Spotlight metadata +|blob.mwh01prdstr06a.store.core.windows.net|HTTPS|Microsoft Store +|browser.pipe.aria.microsoft.com|HTTPS|Microsoft Office +|bubblewitch3mobile.king.com|HTTPS|Bubble Witch application +|candycrush.king.com|HTTPS|Candy Crush application +|cdn.onenote.net|HTTP|Microsoft OneNote +|cds.p9u4n2q3.hwcdn.net|HTTP|Highwinds Content Delivery Network traffic for Windows updates +|client.wns.windows.com|HTTPS|Winddows Notification System +|co4.telecommand.telemetry.microsoft.com.akadns.net|HTTPS|Windows Error Reporting +|config.edge.skype.com|HTTPS|Microsoft Skype +|cs11.wpc.v0cdn.net|HTTP|Windows Telemetry +|cs9.wac.phicdn.net|HTTP|Windows Update +|cy2.licensing.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store +|cy2.purchase.md.mp.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store +|cy2.settings.data.microsoft.com.akadns.net|HTTPS|Used to communicate with Microsoft Store +|dmd.metaservices.microsoft.com.akadns.net|HTTP|Device Authentication +|e-0009.e-msedge.net|HTTPS|Microsoft Office +|e10198.b.akamaiedge.net|HTTPS|Maps application +|fe3.update.microsoft.com|HTTPS|Windows Update +|g.live.com|HTTPS|Microsoft OneDrive +|g.msn.com.nsatc.net|HTTPS|Used to retrieve Windows Spotlight metadata +|geo-prod.do.dsp.mp.microsoft.com|HTTPS|Windows Update +|go.microsoft.com|HTTP|Windows Defender +|iecvlist.microsoft.com|HTTPS|Microsoft Edge +|img-prod-cms-rt-microsoft-com.akamaized.net|HTTP / HTTPS|Microsoft Store +|ipv4.login.msa.akadns6.net|HTTPS|Used for Microsoft accounts to sign in +|licensing.mp.microsoft.com|HTTP|Licensing +|location-inference-westus.cloudapp.net|HTTPS|Used for location data +|login.live.com|HTTP|Device Authentication +|maps.windows.com|HTTP|Maps application +|modern.watson.data.microsoft.com.akadns.net|HTTPS|Used by Windows Error Reporting +|msagfx.live.com|HTTP|OneDrive +|nav.smartscreen.microsoft.com|HTTPS|Windows Defender +|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities +|oneclient.sfx.ms|HTTP|OneDrive +|pti.store.microsoft.com|HTTPS|Microsoft Store +|ris.api.iris.microsoft.com.akadns.net|HTTPS|Used to retrieve Windows Spotlight metadata +|ris-prod-atm.trafficmanager.net|HTTPS|Azure +|s2s.config.skype.com|HTTP|Microsoft Skype +|settings-win.data.microsoft.com|HTTPS|Application settings +|share.microsoft.com|HTTPS|Microsoft Store +|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Microsoft Skype +|slscr.update.microsoft.com|HTTPS|Windows Update +|storecatalogrevocation.storequality.microsoft.com|HTTPS|Microsoft Store +|store-images.microsoft.com|HTTPS|Microsoft Store +|tile-service.weather.microsoft.com/*|HTTP|Used to download updates to the Weather app Live Tile +|time.windows.com|HTTP|Windows time +|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Used for content regulation +|v10.events.data.microsoft.com*|HTTPS|Microsoft Office +|vip5.afdorigin-prod-am02.afdogw.com|HTTPS|Used to serve office 365 experimentation traffic +|watson.telemetry.microsoft.com|HTTPS|Telemetry +|wdcp.microsoft.com|HTTPS|Windows Defender +|wusofficehome.msocdn.com|HTTPS|Microsoft Office +|www.bing.com|HTTPS|Cortana and Search +|www.microsoft.com|HTTP|Diagnostic +|www.msftconnecttest.com|HTTP|Network connection +|www.office.com|HTTPS|Microsoft Office + + + +## Windows 10 Education + +| **Destination** | **Protocol** | **Description** | +| --- | --- | --- | +|\*.b.akamaiedge.net|HTTPS|Used to check for updates to maps that have been downloaded for offline use +|\*.c-msedge.net|HTTP|Used by OfficeHub to get the metadata of Office apps +|\*.dl.delivery.mp.microsoft.com*|HTTP|Windows Update +|\*.e-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps +|\*.g.akamaiedge.net|HTTPS|Used to check for updates to Maps that have been downloaded for offline use +|\*.licensing.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store +|\*.settings.data.microsoft.com.akadns.net|HTTPS|Microsoft Store +|\*.skype.com*|HTTPS|Used to retrieve Skype configuration values +|\*.smartscreen*.microsoft.com|HTTPS|Windows Defender +|\*.s-msedge.net|HTTPS|Used by OfficeHub to get the metadata of Office apps +|\*.telecommand.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting +|\*.wac.phicdn.net|HTTP|Windows Update +|\*.windowsupdate.com*|HTTP|Windows Update +|\*.wns.windows.com|HTTPS|Windows Notifications Service +|\*.wpc.*.net|HTTP|Diagnostic Data +|\*displaycatalog.md.mp.microsoft.com.akadns.net|HTTPS|Microsoft Store +|\*dsp.mp.microsoft.com|HTTPS|Windows Update +|a1158.g.akamai.net|HTTP|Maps +|a122.dscg3.akamai.net|HTTP|Maps +|a767.dscg3.akamai.net|HTTP|Maps +|au.download.windowsupdate.com*|HTTP|Windows Update +|bing.com/*|HTTPS|Used for updates for Cortana, apps, and Live Tiles +|blob.dz5prdstr01a.store.core.windows.net|HTTPS|Microsoft Store +|browser.pipe.aria.microsoft.com|HTTP|Used by OfficeHub to get the metadata of Office apps +|cdn.onenote.net/livetile/*|HTTPS|Used for OneNote Live Tile +|cds.p9u4n2q3.hwcdn.net|HTTP|Used by the Highwinds Content Delivery Network to perform Windows updates +|client-office365-tas.msedge.net/*|HTTPS|Office 365 porta and Office Online +|ctldl.windowsupdate.com*|HTTP|Used to download certificates that are publicly known to be fraudulent +|displaycatalog.mp.microsoft.com/*|HTTPS|Microsoft Store +|dmd.metaservices.microsoft.com*|HTTP|Device Authentication +|download.windowsupdate.com*|HTTPS|Windows Update +|emdl.ws.microsoft.com/*|HTTP|Used to download apps from the Microsoft Store +|evoke-windowsservices-tas.msedge.net|HTTPS|Photo app +|fe2.update.microsoft.com*|HTTPS|Windows Update, Microsoft Update, Microsoft Store services +|fe3.delivery.dsp.mp.microsoft.com.nsatc.net|HTTPS|Windows Update, Microsoft Update, Microsoft Store services +|fe3.delivery.mp.microsoft.com*|HTTPS|Windows Update, Microsoft Update, Microsoft Store services +|g.live.com*|HTTPS|Used by OneDrive for Business to download and verify app updates +|g.msn.com.nsatc.net|HTTPS|Used to retrieve Windows Spotlight metadata +|go.microsoft.com|HTTP|Windows Defender +|iecvlist.microsoft.com|HTTPS|Microsoft Edge browser +|ipv4.login.msa.akadns6.net|HTTPS|Used for Microsoft accounts to sign in +|licensing.mp.microsoft.com*|HTTPS|Used for online activation and some app licensing +|login.live.com|HTTPS|Device Authentication +|maps.windows.com/windows-app-web-link|HTTPS|Maps application +|modern.watson.data.microsoft.com.akadns.net|HTTPS|Used by Windows Error Reporting +|msagfx.live.com|HTTPS|OneDrive +|ocos-office365-s2s.msedge.net/*|HTTPS|Used to connect to the Office 365 portal's shared infrastructure +|ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities +|oneclient.sfx.ms/*|HTTPS|Used by OneDrive for Business to download and verify app updates +|onecollector.cloudapp.aria.akadns.net|HTTPS|Microsoft Office +|pti.store.microsoft.com|HTTPS|Microsoft Store +|settings-win.data.microsoft.com/settings/*|HTTPS|Used as a way for apps to dynamically update their configuration +|share.microsoft.com|HTTPS|Microsoft Store +|skypeecs-prod-usw-0.cloudapp.net|HTTPS|Skype +|sls.update.microsoft.com*|HTTPS|Windows Update +|storecatalogrevocation.storequality.microsoft.com*|HTTPS|Used to revoke licenses for malicious apps on the Microsoft Store +|tile-service.weather.microsoft.com*|HTTP|Used to download updates to the Weather app Live Tile +|tsfe.trafficshaping.dsp.mp.microsoft.com|HTTPS|Windows Update +|v10.events.data.microsoft.com*|HTTPS|Diagnostic Data +|vip5.afdorigin-prod-ch02.afdogw.com|HTTPS|Used to serve Office 365 experimentation traffic +|watson.telemetry.microsoft.com*|HTTPS|Used by Windows Error Reporting +|wdcp.microsoft.com|HTTPS|Windows Defender +|wd-prod-cp-us-east-1-fe.eastus.cloudapp.azure.com|HTTPS|Azure +|wusofficehome.msocdn.com|HTTPS|Microsoft Office +|www.bing.com|HTTPS|Cortana and Search +|www.microsoft.com|HTTP|Diagnostic Data +|www.microsoft.com/pkiops/certs/*|HTTP|CRL and OCSP checks to the issuing certificate authorities +|www.msftconnecttest.com|HTTP|Network Connection +|www.office.com|HTTPS|Microsoft Office + From e936adc1bb432d397f45c9e3aac764d712c1240e Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 12:35:53 -0700 Subject: [PATCH 11/90] Update windows-endpoints-1903-non-enterprise-editions.md --- ...-endpoints-1903-non-enterprise-editions.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md index 44fadd939e..2c3885c711 100644 --- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md @@ -1,5 +1,5 @@ --- -title: Windows 10, version 1809, connection endpoints for non-Enterprise editions +title: Windows 10, version 1903, connection endpoints for non-Enterprise editions description: Explains what Windows 10 endpoints are used in non-Enterprise editions. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 @@ -7,22 +7,22 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: high audience: ITPro -author: danihalfin -ms.author: daniha -manager: dansimp +author: mikeedgar +ms.author: v-medgar +manager: sanashar ms.collection: M365-security-compliance ms.topic: article -ms.date: 6/26/2018 +ms.date: 5/9/2019 --- -# Windows 10, version 1809, connection endpoints for non-Enterprise editions +# Windows 10, version 1903, connection endpoints for non-Enterprise editions **Applies to** -- Windows 10 Home, version 1809 -- Windows 10 Professional, version 1809 -- Windows 10 Education, version 1809 +- Windows 10 Home, version 1903 +- Windows 10 Professional, version 1903 +- Windows 10 Education, version 1903 -In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1809-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1809. +In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1903-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1903. We used the following methodology to derive these network endpoints: From 455b7236ea01925b0814ebb968321986a6e2f357 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 16:57:41 -0700 Subject: [PATCH 12/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ating-system-components-to-microsoft-services.md | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 72bb0cefbe..1cd88e5243 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -39,9 +39,6 @@ However, some of the settings reduce the functionality and security configuratio Make sure you've chosen the right settings configuration for your environment before applying. You should not extract this package to the windows\\system32 folder because it will not apply correctly. ->[!IMPORTANT] -> As part of the [Windows Restricted Traffic Limited Functionality Baseline](https://go.microsoft.com/fwlink/?linkid=828887), MDM functionallity is disabled. If you manage devices through MDM, make sure [cloud notifications are enabled](#bkmk-priv-notifications). - Applying the Windows Restricted Traffic Limited Functionality Baseline is the same as applying each setting covered in this article. It is recommended that you restart a device after making configuration changes to it. Note that **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied. @@ -56,8 +53,6 @@ The following sections list the components that make network connections to Micr The following table lists management options for each setting, beginning with Windows 10 Enterprise version 1607. ->[!NOTE] ->For some settings, MDM policies only partly cover capabilities available through Group Policy. See each setting’s section for more details. | Setting | UI | Group Policy | Registry | | - | :-: | :-: | :-: | @@ -268,7 +263,7 @@ On Windows Server 2016 Nano Server: ### 2. Cortana and Search -Use either Group Policy or MDM policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730683). +Use Group Policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730683). ### 2.1 Cortana and Search Group Policies @@ -558,7 +553,7 @@ To disable the Microsoft Account Sign-In Assistant: ### 13. Microsoft Edge -Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682). +Use Group Policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682). ### 13.1 Microsoft Edge Group Policies @@ -1643,7 +1638,7 @@ To disable Windows Defender Smartscreen: ### 25. Windows Spotlight -Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface, MDM policy, or through Group Policy. +Windows Spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or Group Policy. If you're running Windows 10, version 1607 or later, you need to: @@ -1765,7 +1760,7 @@ Windows Update Delivery Optimization lets you get Windows updates and Microsoft By default, PCs running Windows 10 Enterprise and Windows 10 Education will only use Delivery Optimization to get and receive updates for PCs and apps on your local network. -Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delivery Optimization. +Use the UI, Group Policy, or Registry Keys to set up Delivery Optimization. In Windows 10 version 1607 and above you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Bypass** (100), as described below. From 3c8fc7a4ed6263938d394c3edb28ce1e49d77d37 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 19:08:30 -0700 Subject: [PATCH 13/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ows-operating-system-components-to-microsoft-services.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 1cd88e5243..e86b33a16f 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -96,7 +96,7 @@ The following table lists management options for each setting, beginning with Wi |     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | | +| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | @@ -129,7 +129,7 @@ See the following table for a summary of the management settings for Windows Ser | [18. Settings > Privacy](#bkmk-settingssection) | | | | |     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [20. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | @@ -1488,7 +1488,7 @@ For Windows 10: -or- -- Create a REG_DWORD registry setting named **AllowDiskHealthModelUpdates** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\StorageHealth** with a value of 0. +- Create a REG_DWORD registry setting named **AllowDiskHealthModelUpdates** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\StorageHealth** with a **value of 0**. ### 21. Sync your settings From bb3fc68af11c27d207e9b245ab56a43affc54c69 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 19:15:11 -0700 Subject: [PATCH 14/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...perating-system-components-to-microsoft-services.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index e86b33a16f..5964599ef4 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -96,9 +96,9 @@ The following table lists management options for each setting, beginning with Wi |     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | @@ -146,7 +146,7 @@ See the following table for a summary of the management settings for Windows Ser | [6. Font streaming](#font-streaming) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [14. Network Connection Status Indicator](#bkmk-ncsi) | ![Check mark](images/checkmark.png) | | | [19. Software Protection Platform](#bkmk-spp) | ![Check mark](images/checkmark.png) | -| [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) | | +| [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [24. Windows Defender](#bkmk-defender) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | @@ -158,7 +158,7 @@ See the following table for a summary of the management settings for Windows Ser | - | :-: | | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | -| [22. Teredo](#bkmk-teredo) | | +| [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) | | [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2019 @@ -206,7 +206,7 @@ See the following table for a summary of the management settings for Windows Ser |     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.21 Inking & Typing](#bkmk-priv-ink) | | | ![Check mark](images/checkmark.png) | | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | | +| [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | From 1000661358f37cf87af06bcba38828acb560e92c Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 19:19:05 -0700 Subject: [PATCH 15/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 5964599ef4..ef98f3c09d 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -99,7 +99,7 @@ The following table lists management options for each setting, beginning with Wi | [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [23. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | From 5d4ef5882af406a1993bf5d8aa1175265df89e02 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 19:22:58 -0700 Subject: [PATCH 16/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ows-operating-system-components-to-microsoft-services.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index ef98f3c09d..af7aace6a4 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -104,7 +104,7 @@ The following table lists management options for each setting, beginning with Wi |     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | +|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | @@ -132,7 +132,7 @@ See the following table for a summary of the management settings for Windows Ser | [22. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [24. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | | +|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2016 Server Core @@ -214,7 +214,7 @@ See the following table for a summary of the management settings for Windows Ser |     [24.1 Windows Defender Smartscreen](#bkmk-defender-smartscreen) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [25. Windows Spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | | +|     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) | | [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | From b6bc7577d870a0007cf4dd4117f29f3f27f4316d Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 19:25:53 -0700 Subject: [PATCH 17/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index af7aace6a4..94c2c9f4dd 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -106,7 +106,7 @@ The following table lists management options for each setting, beginning with Wi | [26. Microsoft Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [26.1 Apps for websites](#bkmk-apps-for-websites) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [27. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [28. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ### Settings for Windows Server 2016 with Desktop Experience From 4b445fe8cf340293684880184d40d5fb096a738e Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 19:36:36 -0700 Subject: [PATCH 18/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 94c2c9f4dd..91ea2a2d0a 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -125,7 +125,7 @@ See the following table for a summary of the management settings for Windows Ser | [10. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [12. Microsoft Account](#bkmk-microsoft-account) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [14. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | +| [16. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [18. Settings > Privacy](#bkmk-settingssection) | | | | |     [18.1 General](#bkmk-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | From 2e7a4cf02e2b44f53b2e9bbdbbe64642ad437c6d Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 19:38:28 -0700 Subject: [PATCH 19/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 91ea2a2d0a..4f37cf4f5a 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -144,8 +144,8 @@ See the following table for a summary of the management settings for Windows Ser | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [6. Font streaming](#font-streaming) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [14. Network Connection Status Indicator](#bkmk-ncsi) | ![Check mark](images/checkmark.png) | | -| [19. Software Protection Platform](#bkmk-spp) | ![Check mark](images/checkmark.png) | +| [14. Network Connection Status Indicator](#bkmk-ncsi) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [19. Software Protection Platform](#bkmk-spp) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [22. Teredo](#bkmk-teredo) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [24. Windows Defender](#bkmk-defender) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [28. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | From cbac0ad6f2f8e9a057a565e7239504376228330c Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 19:40:59 -0700 Subject: [PATCH 20/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 4f37cf4f5a..01593aa1b1 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -200,7 +200,7 @@ See the following table for a summary of the management settings for Windows Ser |     [18.14 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.15 Other devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.16 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +|     [18.17 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | From 36d3fb430d2bd55ce4cc1c1c15cf37b35fd07822 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 9 May 2019 19:42:23 -0700 Subject: [PATCH 21/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 01593aa1b1..5a69fa7d6e 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -204,7 +204,7 @@ See the following table for a summary of the management settings for Windows Ser |     [18.18 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -|     [18.21 Inking & Typing](#bkmk-priv-ink) | | | ![Check mark](images/checkmark.png) | +|     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | From 30fc0eb470c713b6033ea489012349cee8376656 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 13 May 2019 11:31:03 -0700 Subject: [PATCH 22/90] Update TOC.md --- windows/privacy/TOC.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index 35561d07af..b687b5bc1b 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -20,7 +20,9 @@ ### [Connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) ### [Connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) ### [Connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) +### [Connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md) ### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) ### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) ### [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md) +### [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md) ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) From 457a7c7f478c56f804b0e881de0048bb4d2b13af Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Wed, 15 May 2019 11:08:55 -0700 Subject: [PATCH 23/90] Create configure-connections-to-microsoft-services-with-mdm.md --- ...nections-to-microsoft-services-with-mdm.md | 122 ++++++++++++++++++ 1 file changed, 122 insertions(+) create mode 100644 windows/privacy/configure-connections-to-microsoft-services-with-mdm.md diff --git a/windows/privacy/configure-connections-to-microsoft-services-with-mdm.md b/windows/privacy/configure-connections-to-microsoft-services-with-mdm.md new file mode 100644 index 0000000000..881ce64336 --- /dev/null +++ b/windows/privacy/configure-connections-to-microsoft-services-with-mdm.md @@ -0,0 +1,122 @@ +--- +title: Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server +description: Use MDM CSPs to minimize connections from Windows to Microsoft services, or to configure particular privacy settings. +ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9 +keywords: privacy, manage connections to Microsoft, Windows 10 +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.localizationpriority: medium +author: mikeedgar +ms.author: v-medgar +ms.date: 3/1/2019 +--- + +# Manage connections from Windows operating system components to Microsoft services using Microsoft Intune MDM Server + +**Applies to** + +- Windows 10 Enterprise 1903 version and later + +You can use Microsoft InTune with MDM CSPs and custom [OMA URIs](https://docs.microsoft.com/en-us/intune/custom-settings-windows-10) to minimize connections from Windows to Microsoft services, or to configure particular privacy settings. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article. + +To ensure CSPs take priority over Group Policies in case of conflicts, use the [ControlPolicyConflict](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy. + +You can configure diagnostic data at the Security/Basic level, turn off Windows Defender diagnostic data and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reasons why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. + +Note, there is some traffic which is required (i.e. "whitelisted") for the operation of Windows and the Microsoft InTune based management. This traffic includes CRL and OCSP network traffic which will show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign. Additional whitelisted traffic specifically for MDM managed devices includes Windows Notification Service related traffic as well as some specific Microsoft InTune and Windows Update related traffic. + +For more information on Microsoft InTune please see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](https://docs.microsoft.com/en-us/intune/). + +For detailed information about managing network connections to Microsoft services using Baseline package/registries/Group policies/UI/Command line, see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). + +### Settings for Windows 10 Enterprise edition 1903 and later + +The following table lists management options for each setting. + +For Windows 10, the following MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). + +| Setting | MDM Policy | Description | +| --- | --- | --- | +| 1. Automatic Root Certificates Update | There is intentionally no MDM available for Automatic Root Certificate Update. | This MDM does not exist since it would prevent the operation and management of MDM management of devices. +| 2. Cortana and Search | [Experience/AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Choose whether to let Cortana install and run on the device. +| | [Search/AllowSearchToUseLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#search-allowsearchtouselocation) | Choose whether Cortana and Search can provide location-aware search results.
Default: Allowed +| 3. Date & Time | [Settings/AllowDateTime](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowdatetime)| Allows the user to change date and time settings.
**0** Not allowed.
1 (default) Allowed. +| 4. Device metadata retrieval | [DeviceInstallation/PreventDeviceMetadataFromNetwork](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork) | Choose whether to prevent Windows from retrieving device metadata from the Internet +| 5. Find My Device | [Experience/AllowFindMyDevice](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice)| This policy turns on Find My Device.
Set to **0** to disable.
+| 6. Font streaming | [System/AllowFontProviders](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowfontproviders) | Set to 0 to disable font streaming
Set to 1 to enable font streaming +| 7. Insider Preview builds | [System/AllowBuildPreview](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview) | **0**: users cannot make their devices available for downloading and installing preview software
**1**: users can make their devices available for downloading and installing preview software
**2**: (default) not configured; users can make their devices available for download and installing preview software +| 8. Internet Explorer | The following Microsoft Internet Explorer MDM policies are available in the [Internet Explorer CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer) | +| | [InternetExplorer/AllowSuggestedSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-allowsuggestedsites) | Recommends websites based on the user’s browsing activity. +| | [InternetExplorer/PreventManagingSmartScreenFilter]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-preventmanagingsmartscreenfilter) | Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. +| | [InternetExplorer/DisableFlipAheadFeature]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disableflipaheadfeature) | Determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website. +| | [InternetExplorer/DisableHomePageChange]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange) | Determines whether users can change the default Home Page or not. +| | [InternetExplorer/DisableFirstRunWizard]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablefirstrunwizard) | Prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. +| 9. Live Tiles | [Notifications/DisallowTileNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications)| This policy setting turns off tile notifications. If you enable this policy setting applications and system features will not be able to update their tiles and tile badges in the Start screen. Set value to **1** to disable Tile Notifications. +| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | **0**: not allowed
**1**: allowed
Does not apply to Microsoft Accounts that have already been configured on the device. +| 11. Microsoft Account | [Accounts/AllowMicrosoftAccountSignInAssistant](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant) | Disable the Microsoft Account Sign-In Assistant.
**0**: turned off
**1**: turned on +| 12. Microsoft Edge | | The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies). +| | [Browser/AllowAutoFill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | Choose whether employees can use autofill on websites.
Default: Allowed +| | [Browser/AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | Choose whether employees can send Do Not Track headers.
Default: Not allowed +| | [Browser/AllowMicrosoftCompatbilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | Specify the Microsoft compatibility list in Microsoft Edge.
Default: Enabled +| | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices.
Default: Allowed +| | [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | Choose whether the Address Bar shows search suggestions..
Default: Allowed +| | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Choose whether SmartScreen is turned on or off.
Default: Allowed +| | [Browser/FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) | Choose the home page for Microsoft Edge on Windows Mobile 10.
Default: blank +| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | **1**: turn off NCSI
Note:: After you apply this policy you must restart the device for the policy setting to take effect. +| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
**0** Disabled. Force disable auto-update over metered connection.
+| | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data.
**0** Disabled. Force off auto-update.
+| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive.
**1** True (sync disabled).
+| 16. Preinstalled apps | N/A | N/A +| 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. +| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**.
**0**: not allowed
**1**: allowed (default) +| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Turn off **Location for this device**.
**0**: turned off and the employee can't turn it back on
**1**: turned on but lets the employee choose whether to use it (default)
**2**: turned on and the employee can't turn it off
Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Turn off **Let apps use my camera**.
**0**: apps can't use the camera
**1** apps can use the camera
Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Turn off **Let apps use my microphone**.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage.
**DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** +| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Turn off **Let apps access my notifications**.
**0**: user in control
**1**: force allow
**2**: force deny +| | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Disable **AllowOnlineTips** to prevent traffic +| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Turn off updates to the speech recognition and speech synthesis models.
**0**: not allowed (default)
**1**: allowed +| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)|This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows.
**0**: disallow

**1**: choice deferred to user's preference +| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Turn off **Let apps access my name picture and other account info in the UI**.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Turn off **Choose apps that can access contacts** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | Turn off **Let apps access my calendar** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | Turn off **Let apps access my call history** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | Turn off **Let apps access and send email** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | Turn off **Let apps read or send messages (text or MMS)** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) |
**0**: user in control
**1**: force allow
**2**: force deny +| 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | Turn off **Let apps control radios** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | Turn off **Let apps automatically share and sync info** with wireless devices that don't explicitly pair with your PC, tablet, or phone** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny +| | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | Turn off **Let your apps use your trusted devices** (hardware you've already connected, or comes with your PC, tablet, or phone) in the UI.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**.
**0**: maps to the **Security** level
**1**: maps to the **Basic** level
**2**: maps to the **Enhanced** level
**3**: maps to the **Full** level +| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Turn off **Let apps run in the background** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny
Note: Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background** to **Force Deny**. +| 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | Turn off **Let Windows and your apps use your motion data and collect motion history** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks.
**0**: user in control
**1**: force allow
**2**: force deny +| 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | Turn off the ability to choose which apps have access to diagnostic information.
**0**: user in control
**1**: force allow
**2**: force deny +| 18. Software Protection Platform | [Licensing/DisallowKMSClientOnlineAVSValidation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation) | Opt out of sending KMS client activation data to Microsoft automatically.
**0**: disabled (default)
**1**: enabled +| 19. Storage Health | [Storage/AllowDiskHealthModelUpdates](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates) | Allows disk health model updates.
**0** - Do not allow
+| 20. Sync your settings | [Experience/AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | Control whether your settings are synchronized.
**0**: not allowed
**1**: allowed +| 21. Teredo | No MDM needed or required|No MDM needed or required +| 22. Wi-Fi Sense | No MDM needed or required|No MDM needed or required +| 23. Windows Defender | [Defender/AllowCloudProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection) | Disconnect from the Microsoft Antimalware Protection Service.
**0** Not allowed.
**1** (default) Allowed. +| | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft.
**0**: always prompt
**1**: send safe samples automatically (default)
**2**: never send
**3**: send all samples automatically +| 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen.
**0**: turned off
**1**: turned on +| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store
**0**: Turns off traffic
**1**: Allows traffic +| 24. Windows Media Player | N/A | N/A +| 25. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight.
**0**: disabled +| 26. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded.
**0** (default) Enable launch of apps.
**1** Disable launch of apps. +| | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed.
**1** (default) Allowed.
**0** Not allowed. +| 26.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers.
**0**: disabled
**1** enabled +| 27. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). +| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode) | Lets you choose where Delivery Optimization gets or sends updates and apps.
**0**: turns off Delivery Optimization
**1**: gets or sends updates and apps to PCs on the same NAT only
**2**: gets or sends updates and apps to PCs on the same local network domain
**3**: gets or sends updates and apps to PCs on the Internet
**99**: simple download mode with no peering
**100**: use BITS instead of Windows Update Delivery Optimization +| | [DeliveryOptimization/DOGroupID](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dogroupid) | Lets you provide a Group ID that limits which PCs can share apps and updates.
Note: This ID must be a GUID. +| | [DeliveryOptimization/DOMaxCacheAge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxcacheage) | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days). +| | [DeliveryOptimization/DOMaxCacheSize](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxcachesize) | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20| which represents 20% of the disk. +| | [DeliveryOptimization/DOMaxUploadBandwidth](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxuploadbandwidth) | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth. +| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. Set to **100** - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. +| 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates.
**0**: notify the user before downloading the update
**1**: auto install the update and then notify the user to schedule a device restart
**2**: auto install and restart (default)
**3**: auto install and restart at a specified time
**4**: auto install and restart without end-user control
**5**: turn off automatic updates + + + + + From dc813d358459496add78badc5af9efe55f11f663 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Wed, 15 May 2019 12:01:15 -0700 Subject: [PATCH 24/90] Update configure-connections-to-microsoft-services-with-mdm.md --- .../configure-connections-to-microsoft-services-with-mdm.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/configure-connections-to-microsoft-services-with-mdm.md b/windows/privacy/configure-connections-to-microsoft-services-with-mdm.md index 881ce64336..58a96778b5 100644 --- a/windows/privacy/configure-connections-to-microsoft-services-with-mdm.md +++ b/windows/privacy/configure-connections-to-microsoft-services-with-mdm.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium -author: mikeedgar +author: medgarmedgar ms.author: v-medgar ms.date: 3/1/2019 --- From 1bb0e75a6a7e985ce9dce893afcb4b122b4d453b Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Wed, 15 May 2019 12:10:54 -0700 Subject: [PATCH 25/90] Update TOC.md --- windows/privacy/TOC.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index b687b5bc1b..2b3934e585 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -17,12 +17,13 @@ ### [Windows 10, version 1709 and newer diagnostic data for the Full level](windows-diagnostic-data.md) ### [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md) ## Manage Windows 10 connection endpoints -### [Connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) -### [Connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) -### [Connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) ### [Connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md) -### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) -### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) -### [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md) +### [Connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) +### [Connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) +### [Connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) ### [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md) +### [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md) +### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) +### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +## [Manage connections from Windows operating system components to Microsoft services using MDM/CSPs](configure-connections-to-microsoft-services-with-mdm.md) From 6cfd3cb0ee56fda652fac85ef7d25c3298078fce Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Wed, 15 May 2019 12:53:41 -0700 Subject: [PATCH 26/90] Rename configure-connections-to-microsoft-services-with-mdm.md to manage-connections-from-windows-operating-system-components-to-microsoft-services-with-MDM.md --- ...operating-system-components-to-microsoft-services-with-MDM.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/privacy/{configure-connections-to-microsoft-services-with-mdm.md => manage-connections-from-windows-operating-system-components-to-microsoft-services-with-MDM.md} (100%) diff --git a/windows/privacy/configure-connections-to-microsoft-services-with-mdm.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-with-MDM.md similarity index 100% rename from windows/privacy/configure-connections-to-microsoft-services-with-mdm.md rename to windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-with-MDM.md From 0bb2b2f0691e2ada84e3b6953216187311c49cde Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Wed, 15 May 2019 12:54:05 -0700 Subject: [PATCH 27/90] Update TOC.md --- windows/privacy/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index 2b3934e585..f1214e7bec 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -26,4 +26,4 @@ ### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) ### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -## [Manage connections from Windows operating system components to Microsoft services using MDM/CSPs](configure-connections-to-microsoft-services-with-mdm.md) +## [Manage connections from Windows operating system components to Microsoft services using MDM](configure-connections-to-microsoft-services-with-mdm.md) From 6d68ad0c7bde63730d6969a632c45281e56ee4a3 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Wed, 15 May 2019 12:55:08 -0700 Subject: [PATCH 28/90] Rename manage-connections-from-windows-operating-system-components-to-microsoft-services-with-MDM.md to manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...perating-system-components-to-microsoft-services-using-MDM.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/privacy/{manage-connections-from-windows-operating-system-components-to-microsoft-services-with-MDM.md => manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md} (100%) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-with-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md similarity index 100% rename from windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-with-MDM.md rename to windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md From 06af7c649ba56f4b27189cdf662af25eef988a15 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Wed, 15 May 2019 13:08:27 -0700 Subject: [PATCH 29/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 5a69fa7d6e..dc7fcf967a 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1032,7 +1032,7 @@ To turn off **Let apps access my notifications**: In the **Speech** area, you can configure the functionality as such: -To turn off streaming audio to Microsoft Speech services, +To turn off the functionality to do voice dictation, speaking to Cortana and other apps, or sending voice input to Microsoft Speech services: - Toggle the Settings -> Privacy -> Speech -> **Online speech recognition** switch to **Off** From a4a15783c649d48c07f91f5e275161660f03c472 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Wed, 15 May 2019 13:10:53 -0700 Subject: [PATCH 30/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index dc7fcf967a..61476e9047 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1032,7 +1032,7 @@ To turn off **Let apps access my notifications**: In the **Speech** area, you can configure the functionality as such: -To turn off the functionality to do voice dictation, speaking to Cortana and other apps, or sending voice input to Microsoft Speech services: +To turn off voice dictation, speaking to Cortana and other apps, or sending voice input to Microsoft Speech services: - Toggle the Settings -> Privacy -> Speech -> **Online speech recognition** switch to **Off** From febe645dd5dc6e20a5b854cb5c6bd9ae88ecc671 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Wed, 15 May 2019 14:22:42 -0700 Subject: [PATCH 31/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ndows-operating-system-components-to-microsoft-services.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 61476e9047..b86d3299d7 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1550,7 +1550,9 @@ When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings scr ### 24. Windows Defender -You can disconnect from the Microsoft Antimalware Protection Service. +You can disconnect from the Microsoft Antimalware Protection Service. + +On Windows 10 1903 Client operating systems and newer search on "Tamper Protection" from the Windows search button next to the Start button on the desktop commmand bar. Scroll down to the Tamper Protection toggle and turn it **Off**. This will allow you to modify the Registry key and allow the Group Policy to make the setting. Alternatively, go to Windows Security Settings -> Virus & threat protection, click on Manage settings and then scroll down to the Tamper Protection toggle and set it to **Off**. - **Enable** the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender Antivirus** > **MAPS** > **Join Microsoft MAPS** and then select **Disabled** from the drop down box named **Join Microsoft MAPS** From ff61a29b9b9f684de59ba3d1ab6759f555007a4a Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 13:43:10 -0700 Subject: [PATCH 32/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ponents-to-microsoft-services-using-MDM.md | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 58a96778b5..381e5fef6e 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -16,7 +16,7 @@ ms.date: 3/1/2019 **Applies to** -- Windows 10 Enterprise 1903 version and later +- Windows 10 Enterprise 1903 version and newer You can use Microsoft InTune with MDM CSPs and custom [OMA URIs](https://docs.microsoft.com/en-us/intune/custom-settings-windows-10) to minimize connections from Windows to Microsoft services, or to configure particular privacy settings. You can configure diagnostic data at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article. @@ -30,7 +30,7 @@ For more information on Microsoft InTune please see [Transform IT service delive For detailed information about managing network connections to Microsoft services using Baseline package/registries/Group policies/UI/Command line, see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). -### Settings for Windows 10 Enterprise edition 1903 and later +### Settings for Windows 10 Enterprise edition 1903 and newer The following table lists management options for each setting. @@ -116,7 +116,20 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. Set to **100** - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. | 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates.
**0**: notify the user before downloading the update
**1**: auto install the update and then notify the user to schedule a device restart
**2**: auto install and restart (default)
**3**: auto install and restart at a specified time
**4**: auto install and restart without end-user control
**5**: turn off automatic updates - +### Allowed (aka "Whitelisted") traffic for Microsoft InTune / MDM configurations +| Endpoint of Allowed traffic | +| --- | +|ctldl.windowsupdate.com| +|cdn.onenote.net| +|r.manage.microsoft.com| +|tile-service.weather.microsoft.com| +|settings-win.data.microsoft.com| +|client.wns.windows.com| +|dm3p.wns.windows.com| +|crl.microsoft.com/pki/crl/*| +|www.microsoft.com/pkiops/crl/*| +|activation-v2.sls.microsoft.com/*| +|ocsp.digicert.com/*| From de27d90092f80321a0c9a7b3570cecabd5650c63 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 13:44:27 -0700 Subject: [PATCH 33/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...rating-system-components-to-microsoft-services-using-MDM.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 381e5fef6e..47198dac47 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -117,7 +117,8 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates.
**0**: notify the user before downloading the update
**1**: auto install the update and then notify the user to schedule a device restart
**2**: auto install and restart (default)
**3**: auto install and restart at a specified time
**4**: auto install and restart without end-user control
**5**: turn off automatic updates ### Allowed (aka "Whitelisted") traffic for Microsoft InTune / MDM configurations -| Endpoint of Allowed traffic | + +|**Allowed traffic endpoints** | | --- | |ctldl.windowsupdate.com| |cdn.onenote.net| From c8b453df2fd9b0083ee15ddbac0fe1017c0608fe Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 13:45:21 -0700 Subject: [PATCH 34/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ating-system-components-to-microsoft-services-using-MDM.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 47198dac47..5b371ce302 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -117,7 +117,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates.
**0**: notify the user before downloading the update
**1**: auto install the update and then notify the user to schedule a device restart
**2**: auto install and restart (default)
**3**: auto install and restart at a specified time
**4**: auto install and restart without end-user control
**5**: turn off automatic updates ### Allowed (aka "Whitelisted") traffic for Microsoft InTune / MDM configurations - + |**Allowed traffic endpoints** | | --- | |ctldl.windowsupdate.com| @@ -128,7 +128,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt |client.wns.windows.com| |dm3p.wns.windows.com| |crl.microsoft.com/pki/crl/*| -|www.microsoft.com/pkiops/crl/*| +|*microsoft.com/pkiops/crl/*| |activation-v2.sls.microsoft.com/*| |ocsp.digicert.com/*| From 6518bebae843fc8b7d902d20dd57293d7204ef53 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 13:46:38 -0700 Subject: [PATCH 35/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...erating-system-components-to-microsoft-services-using-MDM.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 5b371ce302..917e71196f 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -128,7 +128,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt |client.wns.windows.com| |dm3p.wns.windows.com| |crl.microsoft.com/pki/crl/*| -|*microsoft.com/pkiops/crl/*| +|*microsoft.com/pkiops/crl/**| |activation-v2.sls.microsoft.com/*| |ocsp.digicert.com/*| From efa711233502e9695cf9887f324005da1c7d823d Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 13:47:34 -0700 Subject: [PATCH 36/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ating-system-components-to-microsoft-services-using-MDM.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 917e71196f..5f3cce836a 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -117,7 +117,9 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates.
**0**: notify the user before downloading the update
**1**: auto install the update and then notify the user to schedule a device restart
**2**: auto install and restart (default)
**3**: auto install and restart at a specified time
**4**: auto install and restart without end-user control
**5**: turn off automatic updates ### Allowed (aka "Whitelisted") traffic for Microsoft InTune / MDM configurations - + + + |**Allowed traffic endpoints** | | --- | |ctldl.windowsupdate.com| From 81aaa14e58f21cfaf4659e5593f22e16b0fcc446 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 13:57:32 -0700 Subject: [PATCH 37/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...erating-system-components-to-microsoft-services-using-MDM.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 5f3cce836a..0210fa442d 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -118,8 +118,6 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt ### Allowed (aka "Whitelisted") traffic for Microsoft InTune / MDM configurations - - |**Allowed traffic endpoints** | | --- | |ctldl.windowsupdate.com| From 7f6b20f84cd84c4abc9d848586a0f5ed1ff9875e Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 14:39:26 -0700 Subject: [PATCH 38/90] Update TOC.md --- windows/privacy/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index f1214e7bec..3c6f3b4f16 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -26,4 +26,4 @@ ### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) ### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -## [Manage connections from Windows operating system components to Microsoft services using MDM](configure-connections-to-microsoft-services-with-mdm.md) +## [Manage connections from Windows operating system components to Microsoft services using MDM](manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md) From 14f76766db500c66185a878b82f0885271512ac2 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 17:08:21 -0700 Subject: [PATCH 39/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 54 +++++++++++++++++-- 1 file changed, 50 insertions(+), 4 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index b86d3299d7..c6de4234bd 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -8,12 +8,12 @@ ms.mktglfcycl: manage ms.sitesec: library ms.localizationpriority: medium audience: ITPro -author: danihalfin -ms.author: daniha -manager: dansimp +author: medgarmedgar +ms.author: v-medgar +manager: sanashar ms.collection: M365-security-compliance ms.topic: article -ms.date: 06/05/2018 +ms.date: 05/16/2019 --- # Manage connections from Windows operating system components to Microsoft services @@ -95,6 +95,8 @@ The following table lists management options for each setting, beginning with Wi |     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +|     [18.22 Activity History](#bkmk-act-history) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.23 Voice Activation](#bkmk-voice-act) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | @@ -205,6 +207,8 @@ See the following table for a summary of the management settings for Windows Ser |     [18.19 Tasks](#bkmk-priv-tasks) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.20 App Diagnostics](#bkmk-priv-diag) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | |     [18.21 Inking & Typing](#bkmk-priv-ink) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +|     [18.22 Activity History](#bkmk-act-history) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +|     [18.23 Voice Activation](#bkmk-voice-act) | ![Check mark](images/checkmark.png) |![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [19. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [20. Storage Health](#bkmk-storage-health) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [21. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | @@ -813,6 +817,10 @@ Use Settings > Privacy to configure some settings that may be important to yo - [18.21 Inking & Typing](#bkmk-priv-ink) +- [18.22 Activity History](#bkmk-act-history) + +- [18.23 Voice Activation(#bkmk-voice-act) + ### 18.1 General **General** includes options that don't fall into other areas. @@ -1424,6 +1432,44 @@ If you're running at least Windows 10, version 1703, you can turn off updates to - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** + + +### 18.22 Activity History +In the **Activity History** area, you can choose turn of tracking of your Activity History. + +To turn this Off: + + - Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes. + +-OR- + + - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Enables Activity Feed**. + + -and- + + - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow publishing of User Activities**. + + -and- + + - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow upload of User Activities** + + +-OR- + + - Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. + + -and- + + - Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. + + -and- + + - Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. + + +### 18.23 Voice Activation + + > [!NOTE] > Releases 1803 and earlier support **Speech, Inking, & Typing** as a combined settings area. For customizing those setting please follow the below instructions. For 1809 and above **Speech** and **Inking & Typing** are separate settings pages, please see the specific section (18.6 Speech or 18.21 Inking and Typing) above for those areas. From 8a0dd6b4d021f69bcbe844923c43343bf61e1b6a Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 17:11:21 -0700 Subject: [PATCH 40/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index c6de4234bd..6b2b34cfb1 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -819,7 +819,7 @@ Use Settings > Privacy to configure some settings that may be important to yo - [18.22 Activity History](#bkmk-act-history) -- [18.23 Voice Activation(#bkmk-voice-act) +- [18.23 Voice Activation](#bkmk-voice-act) ### 18.1 General @@ -1434,40 +1434,40 @@ If you're running at least Windows 10, version 1703, you can turn off updates to -### 18.22 Activity History +### 18.22 Activity History In the **Activity History** area, you can choose turn of tracking of your Activity History. To turn this Off: - - Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes. + - Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes. -OR- - - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Enables Activity Feed**. + - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Enables Activity Feed**. -and- - - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow publishing of User Activities**. + - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow publishing of User Activities**. -and- - - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow upload of User Activities** + - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow upload of User Activities** -OR- - - Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. + - Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. -and- - - Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. + - Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. -and- - - Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. + - Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. -### 18.23 Voice Activation +### 18.23 Voice Activation > [!NOTE] From 20757790a2a95050ca708859a333673ab2681e01 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 17:14:20 -0700 Subject: [PATCH 41/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ows-operating-system-components-to-microsoft-services.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 6b2b34cfb1..ffd5fd2f7e 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1432,8 +1432,6 @@ If you're running at least Windows 10, version 1703, you can turn off updates to - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** - - ### 18.22 Activity History In the **Activity History** area, you can choose turn of tracking of your Activity History. @@ -1445,11 +1443,11 @@ To turn this Off: - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Enables Activity Feed**. - -and- + -and- - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow publishing of User Activities**. - -and- + -and- - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow upload of User Activities** From e04b61d04f8c00aa0451e5892f5c539b0a938719 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 17:16:03 -0700 Subject: [PATCH 42/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ndows-operating-system-components-to-microsoft-services.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index ffd5fd2f7e..9c75815780 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1443,11 +1443,11 @@ To turn this Off: - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Enables Activity Feed**. - -and- + -and- - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow publishing of User Activities**. - -and- + -and- - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow upload of User Activities** From 41cc5f332b32ad331e10244c2508913fce51868d Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 17:21:50 -0700 Subject: [PATCH 43/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 9c75815780..2e3498df01 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1437,32 +1437,31 @@ In the **Activity History** area, you can choose turn of tracking of your Activi To turn this Off: - - Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes. +- Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes. -OR- - - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Enables Activity Feed**. +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Enables Activity Feed**. - -and- + -and- - - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow publishing of User Activities**. +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow publishing of User Activities**. - -and- - - - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow upload of User Activities** + -and- +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow upload of User Activities** -OR- - - Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. +- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. - -and- + -and- - - Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. +- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. - -and- + -and- - - Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. +- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. ### 18.23 Voice Activation From 4315924ec2695c645bceedaaa21c10209aa9d0d8 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 17:35:27 -0700 Subject: [PATCH 44/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 38 +++++++++---------- 1 file changed, 17 insertions(+), 21 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 2e3498df01..eee8ddd817 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1433,23 +1433,23 @@ If you're running at least Windows 10, version 1703, you can turn off updates to ### 18.22 Activity History -In the **Activity History** area, you can choose turn of tracking of your Activity History. +In the **Activity History** area, you can choose turn Off tracking of your Activity History. -To turn this Off: +To turn this Off in the UI: - Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes. -OR- -- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Enables Activity Feed**. +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Enables Activity Feed**. -and- -- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow publishing of User Activities**. +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Allow publishing of User Activities**. -and- -- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **App Privacy** > **OS Policies** named **Allow upload of User Activities** +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** > named **Allow upload of User Activities** -OR- @@ -1463,36 +1463,32 @@ To turn this Off: - Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. - ### 18.23 Voice Activation +In the **Vocie activation** area, you can choose turn Off apps ability to listen for a Voice keyword. -> [!NOTE] -> Releases 1803 and earlier support **Speech, Inking, & Typing** as a combined settings area. For customizing those setting please follow the below instructions. For 1809 and above **Speech** and **Inking & Typing** are separate settings pages, please see the specific section (18.6 Speech or 18.21 Inking and Typing) above for those areas. +To turn this Off in the UI: -In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees. +- Turn **Off** the feature in the UI by going to **Settings -> Privacy -> Voice activation** and toggle **Off** the **Allow apps to use voice activation** AND also toggle **Off** the **Allow apps to use voice activation when this device is locked**. - For more info on how to disable Cortana in your enterprise, see [Cortana](#bkmk-cortana) in this article. +-OR- - To turn off the functionality: +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice**. - - Click the **Stop getting to know me** button, and then click **Turn off**. + -and- - -or- +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice while the system is locked**. - - Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Regional and Language Options** > **Handwriting personalization** > **Turn off automatic learning** - -or- +-OR- + +- Create a REG_DWORD registry setting named **LetAppsActivateWithVoice** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)**. - - Create a REG_DWORD registry setting named **RestrictImplicitInkCollection** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** with a value of 1 (one). + -and- - -or- +- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)**. - - Create a REG_DWORD registry setting named **AcceptedPrivacyPolicy** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Personalization\\Settings** with a value of 0 (zero). - -and- - - - Create a REG_DWORD registry setting named **HarvestContacts** in **HKEY_CURRENT_USER\\Software\\Microsoft\\InputPersonalization\\TrainedDataStore** with a value of **0 (zero)**. ### 19. Software Protection Platform From cfa95f5f54a0cef19bbefcea46399ed4d826a154 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 17:38:37 -0700 Subject: [PATCH 45/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index eee8ddd817..56ddc526f9 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1437,15 +1437,15 @@ In the **Activity History** area, you can choose turn Off tracking of your Activ To turn this Off in the UI: -- Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes. +- Turn **Off** the feature in the UI by going to Settings -> Privacy -> Activity History and **un-checking** the **Store my activity history on this device** AND **unchecking** the **Send my activity History to Microsoft** checkboxes -OR- -- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Enables Activity Feed**. +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Enables Activity Feed** -and- -- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Allow publishing of User Activities**. +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **OS Policies** named **Allow publishing of User Activities** -and- @@ -1453,15 +1453,15 @@ To turn this Off in the UI: -OR- -- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. +- Create a REG_DWORD registry setting named **EnableActivityFeed** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** -and- -- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. +- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** -and- -- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)**. +- Create a REG_DWORD registry setting named **UploadUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\System** with a **value of 0 (zero)** ### 18.23 Voice Activation @@ -1469,24 +1469,24 @@ In the **Vocie activation** area, you can choose turn Off apps ability to listen To turn this Off in the UI: -- Turn **Off** the feature in the UI by going to **Settings -> Privacy -> Voice activation** and toggle **Off** the **Allow apps to use voice activation** AND also toggle **Off** the **Allow apps to use voice activation when this device is locked**. +- Turn **Off** the feature in the UI by going to **Settings -> Privacy -> Voice activation** and toggle **Off** the **Allow apps to use voice activation** AND also toggle **Off** the **Allow apps to use voice activation when this device is locked** -OR- -- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice**. +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice** -and- -- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice while the system is locked**. +- **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > named **Let Windows apps activate with voice while the system is locked** -OR- -- Create a REG_DWORD registry setting named **LetAppsActivateWithVoice** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)**. +- Create a REG_DWORD registry setting named **LetAppsActivateWithVoice** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)** -and- -- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)**. +- Create a REG_DWORD registry setting named **PublishUserActivities** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows\\AppPrivacy** with a **value of 0 (zero)** From 15253f3e3a032f457bfe405bf3a5eef2d8e3c035 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 17:40:49 -0700 Subject: [PATCH 46/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 56ddc526f9..13d99f10af 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1425,7 +1425,7 @@ To turn off Inking & Typing data collection (note: there is no Group Policy for If you're running at least Windows 10, version 1703, you can turn off updates to the speech recognition and speech synthesis models: - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** + - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** -or- From e535736d8e846e8dc878783e2f237e5fc49e00ae Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 17:51:51 -0700 Subject: [PATCH 47/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 13d99f10af..f3912695a7 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1425,7 +1425,7 @@ To turn off Inking & Typing data collection (note: there is no Group Policy for If you're running at least Windows 10, version 1703, you can turn off updates to the speech recognition and speech synthesis models: - - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** + - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** -or- From fb799925c329663c180e0d28d7b24b2476b5b147 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Thu, 16 May 2019 20:50:31 -0700 Subject: [PATCH 48/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ows-operating-system-components-to-microsoft-services.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index f3912695a7..11b1cd1dfe 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -170,7 +170,7 @@ See the following table for a summary of the management settings for Windows Ser | Setting | UI | Group Policy | Registry | | - | :-: | :-: | :-: | | [1. Automatic Root Certificates Update](#automatic-root-certificates-update) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | -| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | +| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | [5. Find My Device](#find-my-device) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | @@ -1104,9 +1104,7 @@ To turn off **Let apps access my calendar**: -or- -- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the calendar** - - - Set the **Select a setting** box to **Force Deny**. +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access the calendar**. Set the **Select a setting** box to **Force Deny**. -or- From f16f0f807ca808e30862da9f76a11a7396b646b9 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 09:02:59 -0700 Subject: [PATCH 49/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ng-system-components-to-microsoft-services-using-MDM.md | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 0210fa442d..6dc87da4de 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -28,7 +28,10 @@ Note, there is some traffic which is required (i.e. "whitelisted") for the opera For more information on Microsoft InTune please see [Transform IT service delivery for your modern workplace](https://www.microsoft.com/en-us/enterprise-mobility-security/microsoft-intune?rtc=1) and [Microsoft Intune documentation](https://docs.microsoft.com/en-us/intune/). -For detailed information about managing network connections to Microsoft services using Baseline package/registries/Group policies/UI/Command line, see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). +For detailed information about managing network connections to Microsoft services using Registries, Group Policies, or UI see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). + +The endpoints for the “whitelisted” traffic are in the [Whitelisted Traffic](#bkmk-mdm-whitelist). + ### Settings for Windows 10 Enterprise edition 1903 and newer @@ -116,7 +119,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. Set to **100** - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. | 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates.
**0**: notify the user before downloading the update
**1**: auto install the update and then notify the user to schedule a device restart
**2**: auto install and restart (default)
**3**: auto install and restart at a specified time
**4**: auto install and restart without end-user control
**5**: turn off automatic updates -### Allowed (aka "Whitelisted") traffic for Microsoft InTune / MDM configurations +### Allowed (aka "Whitelisted") traffic for Microsoft InTune / MDM configurations |**Allowed traffic endpoints** | | --- | From 3f3a7ad286e895dc69c2832670c252335344e9af Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 09:03:58 -0700 Subject: [PATCH 50/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...erating-system-components-to-microsoft-services-using-MDM.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 6dc87da4de..6986ee5ce2 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -119,7 +119,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. Set to **100** - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. | 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates.
**0**: notify the user before downloading the update
**1**: auto install the update and then notify the user to schedule a device restart
**2**: auto install and restart (default)
**3**: auto install and restart at a specified time
**4**: auto install and restart without end-user control
**5**: turn off automatic updates -### Allowed (aka "Whitelisted") traffic for Microsoft InTune / MDM configurations +### Allowed traffic (aka "Whitelisted") for Microsoft InTune / MDM configurations |**Allowed traffic endpoints** | | --- | From 4638ce3016e3234bc51055ab6014308e83f6159f Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 09:25:42 -0700 Subject: [PATCH 51/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...g-system-components-to-microsoft-services-using-MDM.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 6986ee5ce2..0d87c0498f 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -111,10 +111,10 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed.
**1** (default) Allowed.
**0** Not allowed. | 26.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers.
**0**: disabled
**1** enabled | 27. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). -| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode) | Lets you choose where Delivery Optimization gets or sends updates and apps.
**0**: turns off Delivery Optimization
**1**: gets or sends updates and apps to PCs on the same NAT only
**2**: gets or sends updates and apps to PCs on the same local network domain
**3**: gets or sends updates and apps to PCs on the Internet
**99**: simple download mode with no peering
**100**: use BITS instead of Windows Update Delivery Optimization -| | [DeliveryOptimization/DOGroupID](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dogroupid) | Lets you provide a Group ID that limits which PCs can share apps and updates.
Note: This ID must be a GUID. -| | [DeliveryOptimization/DOMaxCacheAge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxcacheage) | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days). -| | [DeliveryOptimization/DOMaxCacheSize](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxcachesize) | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20| which represents 20% of the disk. +| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps.
**0**: turns off Delivery Optimization
**1**: gets or sends updates and apps to PCs on the same NAT only
**2**: gets or sends updates and apps to PCs on the same local network domain
**3**: gets or sends updates and apps to PCs on the Internet
**99**: simple download mode with no peering
**100**: use BITS instead of Windows Update Delivery Optimization +| | [DeliveryOptimization/DOGroupID](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dogroupid)| Lets you provide a Group ID that limits which PCs can share apps and updates.
Note: This ID must be a GUID. +| | [DeliveryOptimization/DOMaxCacheAge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxcacheage)| Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days). +| | [DeliveryOptimization/DOMaxCacheSize](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxcachesize) | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20 which represents 20% of the disk. | | [DeliveryOptimization/DOMaxUploadBandwidth](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxuploadbandwidth) | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth. | | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. Set to **100** - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. | 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates.
**0**: notify the user before downloading the update
**1**: auto install the update and then notify the user to schedule a device restart
**2**: auto install and restart (default)
**3**: auto install and restart at a specified time
**4**: auto install and restart without end-user control
**5**: turn off automatic updates From 8ea9ed0bf3385a1a5da6d69634e13d9715edf282 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 09:26:49 -0700 Subject: [PATCH 52/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...rating-system-components-to-microsoft-services-using-MDM.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 0d87c0498f..1169395f22 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -30,7 +30,8 @@ For more information on Microsoft InTune please see [Transform IT service delive For detailed information about managing network connections to Microsoft services using Registries, Group Policies, or UI see [Manage connections from Windows operating system components to Microsoft services](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services). -The endpoints for the “whitelisted” traffic are in the [Whitelisted Traffic](#bkmk-mdm-whitelist). + +The endpoints for the MDM “whitelisted” traffic are in the [Whitelisted Traffic](#bkmk-mdm-whitelist). ### Settings for Windows 10 Enterprise edition 1903 and newer From 0ae2072b649889818f51dc43dc6c75126ac4cad8 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 17:08:42 -0700 Subject: [PATCH 53/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...system-components-to-microsoft-services.md | 20 ++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 11b1cd1dfe..bc3d6f1a45 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1052,6 +1052,17 @@ To turn off voice dictation, speaking to Cortana and other apps, or sending voic - Create a REG_DWORD registry setting named **HasAccepted** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Speech_OneCore\\Settings\\OnlineSpeechPrivacy** with a **value of 0 (zero)** + +If you're running at Windows 10, version 1703 up to Windows 10, version 1803, you can turn off updates to the speech recognition and speech synthesis models: + + - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** + + -or- + + - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** + + + ### 18.7 Account info In the **Account Info** area, you can choose which apps can access your name, picture, and other account info. @@ -1421,15 +1432,6 @@ To turn off Inking & Typing data collection (note: there is no Group Policy for - Set **RestrictImplicitTextCollection** registry REG_DWORD setting in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\InputPersonalization** to a **value of 1 (one)** -If you're running at least Windows 10, version 1703, you can turn off updates to the speech recognition and speech synthesis models: - - - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** - - -or- - - - Create a REG_DWORD registry setting named **AllowSpeechModelUpdate** in **HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Speech** with a **value of 0 (zero)** - - ### 18.22 Activity History In the **Activity History** area, you can choose turn Off tracking of your Activity History. From ff8b7d6a2131a26bb8597a4e80a0732a16b7bfd5 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 17:29:22 -0700 Subject: [PATCH 54/90] Update manage-windows-1903-endpoints.md --- windows/privacy/manage-windows-1903-endpoints.md | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index f73b24241a..5364d2ae65 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -30,16 +30,18 @@ Some Windows components, app, and related services transfer data to Microsoft ne This article lists different endpoints that are available on a clean installation of Windows 10, version 1709 and later. Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). -Where applicable, each endpoint covered in this topic includes a link to specific details about how to control traffic to it. +Where applicable, each endpoint covered in this topic includes a link to the specific details on how to control that traffic. We used the following methodology to derive these network endpoints: 1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. -2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). +2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device). 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 4. Compile reports on traffic going to public IP addresses. -5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. -6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here. +5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here. +7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different. +8. These tests were conducted for one week, but if you capture traffic for longer you may have different results. > [!NOTE] > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. From 6cc42989875be1a8ba938ede4a43490490ad6d5b Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 17:31:19 -0700 Subject: [PATCH 55/90] Update manage-windows-1903-endpoints.md --- windows/privacy/manage-windows-1903-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index 5364d2ae65..c655b5307b 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -1,5 +1,5 @@ --- -title: Connection endpoints for Windows 10, version 1903 +title: Connection endpoints for Windows 10 Enterprise, version 1903 description: Explains what Windows 10 endpoints are used for, how to turn off traffic to them, and the impact. keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016 ms.prod: w10 From e6d8d209e26d2d88e278eed2e8d58af72aba77e7 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 17:32:11 -0700 Subject: [PATCH 56/90] Update manage-windows-1903-endpoints.md --- windows/privacy/manage-windows-1903-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index c655b5307b..01e2747cdc 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -18,7 +18,7 @@ ms.date: 5/3/2019 **Applies to** -- Windows 10, version 1903 +- Windows 10 Enterprise, version 1903 Some Windows components, app, and related services transfer data to Microsoft network endpoints. Some examples include: From bda0298a955442d29ad82168282b7e6235e7290e Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 17:32:40 -0700 Subject: [PATCH 57/90] Update manage-windows-1903-endpoints.md --- windows/privacy/manage-windows-1903-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index 01e2747cdc..3ed84fa322 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -14,7 +14,7 @@ ms.collection: M365-security-compliance ms.topic: article ms.date: 5/3/2019 --- -# Manage connection endpoints for Windows 10, version 1903 +# Manage connection endpoints for Windows 10 Enterprise, version 1903 **Applies to** From 6445bf4b6416e6e7330c8c5a2c8899d2f2b7e33c Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 17:41:26 -0700 Subject: [PATCH 58/90] Update windows-endpoints-1903-non-enterprise-editions.md --- .../windows-endpoints-1903-non-enterprise-editions.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md index 2c3885c711..50b4192e0c 100644 --- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md @@ -22,16 +22,19 @@ ms.date: 5/9/2019 - Windows 10 Professional, version 1903 - Windows 10 Education, version 1903 -In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1903-endpoints.md), the following endpoints are available on other editions of Windows 10, version 1903. +In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1903-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 1903. We used the following methodology to derive these network endpoints: 1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. -2. Leave the devices running idle for a week (that is, a user is not interacting with the system/device). +2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device). 3. Use globally accepted network protocol analyzer/capturing tools and log all background egress traffic. 4. Compile reports on traffic going to public IP addresses. -5. The test virtual machine was logged in using a local account and was not joined to a domain or Azure Active Directory. -6. All traffic was captured in our lab using a IPV4 network. Therefore no IPV6 traffic is reported here. +5. The test virtual machine(s) was logged into using a local account, and was not joined to a domain or Azure Active Directory. +6. All traffic was captured in our lab using a IPV4 network. Therefore, no IPV6 traffic is reported here. +7. These tests were conducted in an approved Microsoft lab. It's possible your results may be different. +8. These tests were conducted for one week, but if you capture traffic for longer you may have different results. + > [!NOTE] > Microsoft uses global load balancers that can appear in network trace-routes. For example, an endpoint for *.akadns.net might be used to load balance requests to an Azure datacenter, which can change over time. From 24220c2623bcefb901badadc17a69bbd8743a709 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 17:49:30 -0700 Subject: [PATCH 59/90] Update manage-windows-1903-endpoints.md --- windows/privacy/manage-windows-1903-endpoints.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md index 3ed84fa322..1279552d91 100644 --- a/windows/privacy/manage-windows-1903-endpoints.md +++ b/windows/privacy/manage-windows-1903-endpoints.md @@ -32,7 +32,7 @@ This article lists different endpoints that are available on a clean installatio Details about the different ways to control traffic to these endpoints are covered in [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md). Where applicable, each endpoint covered in this topic includes a link to the specific details on how to control that traffic. -We used the following methodology to derive these network endpoints: +The following methodology was used to derive these network endpoints: 1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device). From bb8d9e97576aad99e657b64f882328e1233e2f97 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 17:50:07 -0700 Subject: [PATCH 60/90] Update windows-endpoints-1903-non-enterprise-editions.md --- .../privacy/windows-endpoints-1903-non-enterprise-editions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md index 50b4192e0c..a4b71349d5 100644 --- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md +++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md @@ -24,7 +24,7 @@ ms.date: 5/9/2019 In addition to the endpoints listed for [Windows 10 Enterprise](manage-windows-1903-endpoints.md), the following endpoints are available on other non-Enterprise editions of Windows 10, version 1903. -We used the following methodology to derive these network endpoints: +The following methodology was used to derive the network endpoints: 1. Set up the latest version of Windows 10 on a test virtual machine using the default settings. 2. Leave the device(s) running idle for a week ("idle" means a user is not interacting with the system/device). From 608f0993dee3bcf71926d7426199fc9a6635028d Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 19:09:59 -0700 Subject: [PATCH 61/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ponents-to-microsoft-services-using-MDM.md | 130 +++++++++--------- 1 file changed, 62 insertions(+), 68 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 1169395f22..2a3fcf8085 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -43,82 +43,76 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | Setting | MDM Policy | Description | | --- | --- | --- | | 1. Automatic Root Certificates Update | There is intentionally no MDM available for Automatic Root Certificate Update. | This MDM does not exist since it would prevent the operation and management of MDM management of devices. -| 2. Cortana and Search | [Experience/AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Choose whether to let Cortana install and run on the device. -| | [Search/AllowSearchToUseLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#search-allowsearchtouselocation) | Choose whether Cortana and Search can provide location-aware search results.
Default: Allowed -| 3. Date & Time | [Settings/AllowDateTime](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowdatetime)| Allows the user to change date and time settings.
**0** Not allowed.
1 (default) Allowed. -| 4. Device metadata retrieval | [DeviceInstallation/PreventDeviceMetadataFromNetwork](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork) | Choose whether to prevent Windows from retrieving device metadata from the Internet -| 5. Find My Device | [Experience/AllowFindMyDevice](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice)| This policy turns on Find My Device.
Set to **0** to disable.
-| 6. Font streaming | [System/AllowFontProviders](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowfontproviders) | Set to 0 to disable font streaming
Set to 1 to enable font streaming -| 7. Insider Preview builds | [System/AllowBuildPreview](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview) | **0**: users cannot make their devices available for downloading and installing preview software
**1**: users can make their devices available for downloading and installing preview software
**2**: (default) not configured; users can make their devices available for download and installing preview software +| 2. Cortana and Search | [Experience/AllowCortana](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | Choose whether to let Cortana install and run on the device. **Set to 0 (zero)** +| | [Search/AllowSearchToUseLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#search-allowsearchtouselocation) | Choose whether Cortana and Search can provide location-aware search results. **Set to 0 (zero)** +| 3. Date & Time | [Settings/AllowDateTime](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowdatetime)| Allows the user to change date and time settings. **Set to 0 (zero)** +| 4. Device metadata retrieval | [DeviceInstallation/PreventDeviceMetadataFromNetwork](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork) | Choose whether to prevent Windows from retrieving device metadata from the Internet. **Set to Enabled** +| 5. Find My Device | [Experience/AllowFindMyDevice](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice)| This policy turns on Find My Device. ** Set to 0 (zero)** +| 6. Font streaming | [System/AllowFontProviders](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowfontproviders) | ** Set to 0 (zero)** +| 7. Insider Preview builds | [System/AllowBuildPreview](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview) | ** Set to 0 (zero)** | 8. Internet Explorer | The following Microsoft Internet Explorer MDM policies are available in the [Internet Explorer CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer) | -| | [InternetExplorer/AllowSuggestedSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-allowsuggestedsites) | Recommends websites based on the user’s browsing activity. -| | [InternetExplorer/PreventManagingSmartScreenFilter]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-preventmanagingsmartscreenfilter) | Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. -| | [InternetExplorer/DisableFlipAheadFeature]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disableflipaheadfeature) | Determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website. -| | [InternetExplorer/DisableHomePageChange]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange) | Determines whether users can change the default Home Page or not. -| | [InternetExplorer/DisableFirstRunWizard]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablefirstrunwizard) | Prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. -| 9. Live Tiles | [Notifications/DisallowTileNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications)| This policy setting turns off tile notifications. If you enable this policy setting applications and system features will not be able to update their tiles and tile badges in the Start screen. Set value to **1** to disable Tile Notifications. -| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | **0**: not allowed
**1**: allowed
Does not apply to Microsoft Accounts that have already been configured on the device. -| 11. Microsoft Account | [Accounts/AllowMicrosoftAccountSignInAssistant](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant) | Disable the Microsoft Account Sign-In Assistant.
**0**: turned off
**1**: turned on +| | [InternetExplorer/AllowSuggestedSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-allowsuggestedsites) | Recommends websites based on the user’s browsing activity. **Set to Disabled** +| | [InternetExplorer/PreventManagingSmartScreenFilter]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-preventmanagingsmartscreenfilter) | Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. **Set to Enabled** +| | [InternetExplorer/DisableFlipAheadFeature]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disableflipaheadfeature) | Determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website. **Set to Enabled** +| | [InternetExplorer/DisableHomePageChange]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange) | Determines whether users can change the default Home Page or not. **Set to Enabled** +| | [InternetExplorer/DisableFirstRunWizard]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablefirstrunwizard) | Prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. **Set to Enabled** +| 9. Live Tiles | [Notifications/DisallowTileNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications)| This policy setting turns off tile notifications. If you enable this policy setting applications and system features will not be able to update their tiles and tile badges in the Start screen. **Set to Enabled** +| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | ** Set to 0 (zero)** +| 11. Microsoft Account | [Accounts/AllowMicrosoftAccountSignInAssistant](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant) | Disable the Microsoft Account Sign-In Assistant. ** Set to 0 (zero)** | 12. Microsoft Edge | | The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies). -| | [Browser/AllowAutoFill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | Choose whether employees can use autofill on websites.
Default: Allowed -| | [Browser/AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | Choose whether employees can send Do Not Track headers.
Default: Not allowed -| | [Browser/AllowMicrosoftCompatbilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | Specify the Microsoft compatibility list in Microsoft Edge.
Default: Enabled -| | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices.
Default: Allowed -| | [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | Choose whether the Address Bar shows search suggestions..
Default: Allowed -| | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Choose whether SmartScreen is turned on or off.
Default: Allowed -| | [Browser/FirstRunURL](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-firstrunurl) | Choose the home page for Microsoft Edge on Windows Mobile 10.
Default: blank -| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | **1**: turn off NCSI
Note:: After you apply this policy you must restart the device for the policy setting to take effect. -| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
**0** Disabled. Force disable auto-update over metered connection.
-| | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data.
**0** Disabled. Force off auto-update.
-| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive.
**1** True (sync disabled).
+| | [Browser/AllowAutoFill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | Choose whether employees can use autofill on websites. ** Set to 0 (zero)** +| | [Browser/AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | Choose whether employees can send Do Not Track headers. ** Set to 0 (zero)** +| | [Browser/AllowMicrosoftCompatbilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | Specify the Microsoft compatibility list in Microsoft Edge. ** Set to 0 (zero)** +| | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices. ** Set to 0 (zero)** +| | [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | Choose whether the Address Bar shows search suggestions. ** Set to 0 (zero)** +| | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Choose whether SmartScreen is turned on or off. ** Set to 0 (zero)** +| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | ** Set to 1 (one)** Note:: After you apply this policy you must restart the device for the policy setting to take effect. +| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
** Set to 0 (zero)** +| | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. ** Set to 0 (zero)** +| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. ** Set to 1 (one)** | 16. Preinstalled apps | N/A | N/A | 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. -| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**.
**0**: not allowed
**1**: allowed (default) -| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Turn off **Location for this device**.
**0**: turned off and the employee can't turn it back on
**1**: turned on but lets the employee choose whether to use it (default)
**2**: turned on and the employee can't turn it off
Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). -| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Turn off **Let apps use my camera**.
**0**: apps can't use the camera
**1** apps can use the camera
Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). -| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Turn off **Let apps use my microphone**.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage.
**DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** -| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Turn off **Let apps access my notifications**.
**0**: user in control
**1**: force allow
**2**: force deny -| | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Disable **AllowOnlineTips** to prevent traffic -| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Turn off updates to the speech recognition and speech synthesis models.
**0**: not allowed (default)
**1**: allowed -| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)|This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows.
**0**: disallow

**1**: choice deferred to user's preference -| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Turn off **Let apps access my name picture and other account info in the UI**.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Turn off **Choose apps that can access contacts** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | Turn off **Let apps access my calendar** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | Turn off **Let apps access my call history** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | Turn off **Let apps access and send email** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | Turn off **Let apps read or send messages (text or MMS)** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) |
**0**: user in control
**1**: force allow
**2**: force deny -| 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | Turn off **Let apps control radios** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | Turn off **Let apps automatically share and sync info** with wireless devices that don't explicitly pair with your PC, tablet, or phone** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny -| | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | Turn off **Let your apps use your trusted devices** (hardware you've already connected, or comes with your PC, tablet, or phone) in the UI.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**.
**0**: maps to the **Security** level
**1**: maps to the **Basic** level
**2**: maps to the **Enhanced** level
**3**: maps to the **Full** level -| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Turn off **Let apps run in the background** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny
Note: Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background** to **Force Deny**. -| 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | Turn off **Let Windows and your apps use your motion data and collect motion history** in the UI.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks.
**0**: user in control
**1**: force allow
**2**: force deny -| 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | Turn off the ability to choose which apps have access to diagnostic information.
**0**: user in control
**1**: force allow
**2**: force deny -| 18. Software Protection Platform | [Licensing/DisallowKMSClientOnlineAVSValidation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation) | Opt out of sending KMS client activation data to Microsoft automatically.
**0**: disabled (default)
**1**: enabled -| 19. Storage Health | [Storage/AllowDiskHealthModelUpdates](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates) | Allows disk health model updates.
**0** - Do not allow
-| 20. Sync your settings | [Experience/AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | Control whether your settings are synchronized.
**0**: not allowed
**1**: allowed +| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**. ** Set to 0 (zero)** +| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Turn off **Location for this device**. ** Set to 0 (zero)** Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Turn off **Let apps use my camera**. ** Set to 0 (zero)** Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Turn off **Let apps use my microphone**. ** Set to 2 (two)** +| 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** +| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | ** Set to 2 (two)** +| | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | **Set to Disabled** +| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Turn off updates to the speech recognition and speech synthesis models. ** Set to 0 (zero)** +| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)|This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. ** Set to 0 (zero)** +| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Turn off **Let apps access my name picture and other account info in the UI ** Set to 2 (two)** +| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Turn off **Choose apps that can access contacts** in the UI. ** Set to 2 (two)** +| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | ** Set to 2 (two)** +| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | ** Set to 2 (two)** +| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | ** Set to 2 (two)** +| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | ** Set to 2 (two)** +| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) ** Set to 2 (two)** +| 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | ** Set to 2 (two)** +| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | ** Set to 2 (two)** +| | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | ** Set to 2 (two)** +| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**. ** Set to 0 (zero)** +| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Turn off **Let apps run in the background** in the UI. ** Set to 2 (two)** Note: Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background** to **Force Deny**. +| 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | ** Set to 2 (two)** +| 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks. ** Set to 2 (two)** +| 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | ** Set to 2 (two)** +| 18. Software Protection Platform | [Licensing/DisallowKMSClientOnlineAVSValidation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation) | Opt out of sending KMS client activation data to Microsoft automatically. ** Set to 1 (one)** +| 19. Storage Health | [Storage/AllowDiskHealthModelUpdates](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates) | Allows disk health model updates. ** Set to 0 (zero)** +| 20. Sync your settings | [Experience/AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | Control whether your settings are synchronized. ** Set to 0 (zero)** | 21. Teredo | No MDM needed or required|No MDM needed or required | 22. Wi-Fi Sense | No MDM needed or required|No MDM needed or required -| 23. Windows Defender | [Defender/AllowCloudProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection) | Disconnect from the Microsoft Antimalware Protection Service.
**0** Not allowed.
**1** (default) Allowed. -| | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft.
**0**: always prompt
**1**: send safe samples automatically (default)
**2**: never send
**3**: send all samples automatically -| 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen.
**0**: turned off
**1**: turned on -| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store
**0**: Turns off traffic
**1**: Allows traffic +| 23. Windows Defender | [Defender/AllowCloudProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection) | Disconnect from the Microsoft Antimalware Protection Service. ** Set to 0 (zero)** +| | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. ** Set to 2 (two)** +| 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. ** Set to 0 (zero)** +| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store ** Set to 0 (zero)** | 24. Windows Media Player | N/A | N/A -| 25. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight.
**0**: disabled -| 26. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded.
**0** (default) Enable launch of apps.
**1** Disable launch of apps. -| | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed.
**1** (default) Allowed.
**0** Not allowed. -| 26.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers.
**0**: disabled
**1** enabled +| 25. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. ** Set to 0 (zero)** +| 26. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. ** Set to 1 (one)** +| | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed. ** Set to 0 (zero)** +| 26.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. ** Set to 0 (zero)** | 27. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). -| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps.
**0**: turns off Delivery Optimization
**1**: gets or sends updates and apps to PCs on the same NAT only
**2**: gets or sends updates and apps to PCs on the same local network domain
**3**: gets or sends updates and apps to PCs on the Internet
**99**: simple download mode with no peering
**100**: use BITS instead of Windows Update Delivery Optimization -| | [DeliveryOptimization/DOGroupID](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dogroupid)| Lets you provide a Group ID that limits which PCs can share apps and updates.
Note: This ID must be a GUID. -| | [DeliveryOptimization/DOMaxCacheAge](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxcacheage)| Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
The default value is 259200 seconds (3 days). -| | [DeliveryOptimization/DOMaxCacheSize](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxcachesize) | Lets you specify the maximum cache size as a percentage of disk size.
The default value is 20 which represents 20% of the disk. -| | [DeliveryOptimization/DOMaxUploadBandwidth](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-domaxuploadbandwidth) | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
The default value is 0, which means unlimited possible bandwidth. -| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates. Set to **100** - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607. -| 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates.
**0**: notify the user before downloading the update
**1**: auto install the update and then notify the user to schedule a device restart
**2**: auto install and restart (default)
**3**: auto install and restart at a specified time
**4**: auto install and restart without end-user control
**5**: turn off automatic updates +| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. ** Set to 100 (one hundred)** +| 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates** Set to 5 (five)** ### Allowed traffic (aka "Whitelisted") for Microsoft InTune / MDM configurations From b36bf3a3c56a1b203b553558e6187a7398aed91a Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 19:12:56 -0700 Subject: [PATCH 62/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ponents-to-microsoft-services-using-MDM.md | 103 +++++++++--------- 1 file changed, 52 insertions(+), 51 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 2a3fcf8085..74a970cd78 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -47,9 +47,9 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [Search/AllowSearchToUseLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-search#search-allowsearchtouselocation) | Choose whether Cortana and Search can provide location-aware search results. **Set to 0 (zero)** | 3. Date & Time | [Settings/AllowDateTime](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowdatetime)| Allows the user to change date and time settings. **Set to 0 (zero)** | 4. Device metadata retrieval | [DeviceInstallation/PreventDeviceMetadataFromNetwork](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork) | Choose whether to prevent Windows from retrieving device metadata from the Internet. **Set to Enabled** -| 5. Find My Device | [Experience/AllowFindMyDevice](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice)| This policy turns on Find My Device. ** Set to 0 (zero)** -| 6. Font streaming | [System/AllowFontProviders](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowfontproviders) | ** Set to 0 (zero)** -| 7. Insider Preview builds | [System/AllowBuildPreview](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview) | ** Set to 0 (zero)** +| 5. Find My Device | [Experience/AllowFindMyDevice](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice)| This policy turns on Find My Device. **Set to 0 (zero)** +| 6. Font streaming | [System/AllowFontProviders](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowfontproviders) | **Set to 0 (zero)** +| 7. Insider Preview builds | [System/AllowBuildPreview](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview) | **Set to 0 (zero)** | 8. Internet Explorer | The following Microsoft Internet Explorer MDM policies are available in the [Internet Explorer CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer) | | | [InternetExplorer/AllowSuggestedSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-allowsuggestedsites) | Recommends websites based on the user’s browsing activity. **Set to Disabled** | | [InternetExplorer/PreventManagingSmartScreenFilter]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-preventmanagingsmartscreenfilter) | Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. **Set to Enabled** @@ -57,62 +57,63 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [InternetExplorer/DisableHomePageChange]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange) | Determines whether users can change the default Home Page or not. **Set to Enabled** | | [InternetExplorer/DisableFirstRunWizard]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablefirstrunwizard) | Prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. **Set to Enabled** | 9. Live Tiles | [Notifications/DisallowTileNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications)| This policy setting turns off tile notifications. If you enable this policy setting applications and system features will not be able to update their tiles and tile badges in the Start screen. **Set to Enabled** -| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | ** Set to 0 (zero)** -| 11. Microsoft Account | [Accounts/AllowMicrosoftAccountSignInAssistant](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant) | Disable the Microsoft Account Sign-In Assistant. ** Set to 0 (zero)** +| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | **Set to 0 (zero)** +| 11. Microsoft Account | [Accounts/AllowMicrosoftAccountSignInAssistant](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant) | Disable the Microsoft Account Sign-In Assistant. **Set to 0 (zero)** | 12. Microsoft Edge | | The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies). -| | [Browser/AllowAutoFill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | Choose whether employees can use autofill on websites. ** Set to 0 (zero)** -| | [Browser/AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | Choose whether employees can send Do Not Track headers. ** Set to 0 (zero)** -| | [Browser/AllowMicrosoftCompatbilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | Specify the Microsoft compatibility list in Microsoft Edge. ** Set to 0 (zero)** -| | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices. ** Set to 0 (zero)** -| | [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | Choose whether the Address Bar shows search suggestions. ** Set to 0 (zero)** -| | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Choose whether SmartScreen is turned on or off. ** Set to 0 (zero)** -| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | ** Set to 1 (one)** Note:: After you apply this policy you must restart the device for the policy setting to take effect. -| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
** Set to 0 (zero)** -| | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. ** Set to 0 (zero)** -| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. ** Set to 1 (one)** +| | [Browser/AllowAutoFill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | Choose whether employees can use autofill on websites. **Set to 0 (zero)** +| | [Browser/AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | Choose whether employees can send Do Not Track headers. **Set to 0 (zero)** +| | [Browser/AllowMicrosoftCompatbilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | Specify the Microsoft compatibility list in Microsoft Edge. **Set to 0 (zero)** +| | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices. **Set to 0 (zero)** +| | [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | Choose whether the Address Bar shows search suggestions. **Set to 0 (zero)** +| | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Choose whether SmartScreen is turned on or off. **Set to 0 (zero)** +| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | **Set to 1 (one)** Note:: After you apply this policy you must restart the device for the policy setting to take effect. +| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
**Set to 0 (zero)** +| | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. **Set to 0 (zero)** +| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)** | 16. Preinstalled apps | N/A | N/A | 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. -| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**. ** Set to 0 (zero)** -| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Turn off **Location for this device**. ** Set to 0 (zero)** Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). -| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Turn off **Let apps use my camera**. ** Set to 0 (zero)** Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). -| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Turn off **Let apps use my microphone**. ** Set to 2 (two)** -| 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** -| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | ** Set to 2 (two)** +| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**. **Set to 0 (zero)** +| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Turn off **Location for this device**. **Set to 0 (zero)** Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Turn off **Let apps use my camera**. **Set to 0 (zero)** Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Turn off **Let apps use my microphone**. **Set to 2 (two)** +| 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** +| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | **Set to 2 (two)** | | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | **Set to Disabled** -| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Turn off updates to the speech recognition and speech synthesis models. ** Set to 0 (zero)** -| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)|This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. ** Set to 0 (zero)** -| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Turn off **Let apps access my name picture and other account info in the UI ** Set to 2 (two)** -| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Turn off **Choose apps that can access contacts** in the UI. ** Set to 2 (two)** -| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | ** Set to 2 (two)** -| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | ** Set to 2 (two)** -| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | ** Set to 2 (two)** -| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | ** Set to 2 (two)** -| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) ** Set to 2 (two)** -| 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | ** Set to 2 (two)** -| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | ** Set to 2 (two)** -| | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | ** Set to 2 (two)** -| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**. ** Set to 0 (zero)** -| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Turn off **Let apps run in the background** in the UI. ** Set to 2 (two)** Note: Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background** to **Force Deny**. -| 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | ** Set to 2 (two)** -| 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks. ** Set to 2 (two)** -| 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | ** Set to 2 (two)** -| 18. Software Protection Platform | [Licensing/DisallowKMSClientOnlineAVSValidation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation) | Opt out of sending KMS client activation data to Microsoft automatically. ** Set to 1 (one)** -| 19. Storage Health | [Storage/AllowDiskHealthModelUpdates](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates) | Allows disk health model updates. ** Set to 0 (zero)** -| 20. Sync your settings | [Experience/AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | Control whether your settings are synchronized. ** Set to 0 (zero)** +| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Turn off updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** +| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)|This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. **Set to 0 (zero)** +| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Turn off **Let apps access my name picture and other account info in the UI **Set to 2 (two)** +| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Turn off **Choose apps that can access contacts**in the UI. **Set to 2 (two)** +| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | **Set to 2 (two)** +| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | **Set to 2 (two)** +| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | **Set to 2 (two)** +| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | **Set to 2 (two)** +| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) **Set to 2 (two)** +| 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | **Set to 2 (two)** +| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | **Set to 2 (two)** +| | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | **Set to 2 (two)** +| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**. **Set to 0 (zero)** +| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Turn off **Let apps run in the background**in the UI. **Set to 2 (two)** Note: Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background**to **Force Deny**. +| 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | **Set to 2 (two)** +| 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks. **Set to 2 (two)** +| 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | **Set to 2 (two)** +| 18. Software Protection Platform | [Licensing/DisallowKMSClientOnlineAVSValidation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation) | Opt out of sending KMS client activation data to Microsoft automatically. **Set to 1 (one)** +| 19. Storage Health | [Storage/AllowDiskHealthModelUpdates](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates) | Allows disk health model updates. **Set to 0 (zero)** +| 20. Sync your settings | [Experience/AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | Control whether your settings are synchronized. **Set to 0 (zero)** | 21. Teredo | No MDM needed or required|No MDM needed or required | 22. Wi-Fi Sense | No MDM needed or required|No MDM needed or required -| 23. Windows Defender | [Defender/AllowCloudProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection) | Disconnect from the Microsoft Antimalware Protection Service. ** Set to 0 (zero)** -| | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. ** Set to 2 (two)** -| 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. ** Set to 0 (zero)** -| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store ** Set to 0 (zero)** +| 23. Windows Defender | [Defender/AllowCloudProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection) | Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)** +| | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. **Set to 2 (two)** +| 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. **Set to 0 (zero)** +| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store **Set to 0 (zero)** | 24. Windows Media Player | N/A | N/A -| 25. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. ** Set to 0 (zero)** -| 26. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. ** Set to 1 (one)** -| | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed. ** Set to 0 (zero)** -| 26.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. ** Set to 0 (zero)** +| 25. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. **Set to 0 (zero)** +| 26. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)** +| | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)** +| 26.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)** | 27. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). -| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. ** Set to 100 (one hundred)** -| 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates** Set to 5 (five)** +| | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)** +| 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates**Set to 5 (five)** + ### Allowed traffic (aka "Whitelisted") for Microsoft InTune / MDM configurations From 8eb9327855950b046999792d9ed0d9a70715e881 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 19:15:27 -0700 Subject: [PATCH 63/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...g-system-components-to-microsoft-services-using-MDM.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 74a970cd78..e49bfc19ea 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -66,22 +66,22 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices. **Set to 0 (zero)** | | [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | Choose whether the Address Bar shows search suggestions. **Set to 0 (zero)** | | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Choose whether SmartScreen is turned on or off. **Set to 0 (zero)** -| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | **Set to 1 (one)** Note:: After you apply this policy you must restart the device for the policy setting to take effect. +| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | **Set to 1 (one)** Note: After you apply this policy you must restart the device for the policy setting to take effect. | 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
**Set to 0 (zero)** | | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. **Set to 0 (zero)** | 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)** | 16. Preinstalled apps | N/A | N/A | 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. | 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**. **Set to 0 (zero)** -| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Turn off **Location for this device**. **Set to 0 (zero)** Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). -| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Turn off **Let apps use my camera**. **Set to 0 (zero)** Note:: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Turn off **Location for this device**. **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Turn off **Let apps use my camera**. **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). | 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Turn off **Let apps use my microphone**. **Set to 2 (two)** | 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** | | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | **Set to 2 (two)** | | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | **Set to Disabled** | 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Turn off updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** | | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)|This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. **Set to 0 (zero)** -| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Turn off **Let apps access my name picture and other account info in the UI **Set to 2 (two)** +| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Turn off **Let apps access my name picture and other account info in the UI** **Set to 2 (two)** | 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Turn off **Choose apps that can access contacts**in the UI. **Set to 2 (two)** | 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | **Set to 2 (two)** | 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | **Set to 2 (two)** From 0806bf3d5e242ca6ceb1068395688b77f4b663cd Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 19:17:04 -0700 Subject: [PATCH 64/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...components-to-microsoft-services-using-MDM.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index e49bfc19ea..fb247848e0 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -81,15 +81,15 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | **Set to Disabled** | 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Turn off updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** | | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)|This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. **Set to 0 (zero)** -| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Turn off **Let apps access my name picture and other account info in the UI** **Set to 2 (two)** -| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Turn off **Choose apps that can access contacts**in the UI. **Set to 2 (two)** -| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | **Set to 2 (two)** -| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | **Set to 2 (two)** -| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | **Set to 2 (two)** -| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | **Set to 2 (two)** -| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) **Set to 2 (two)** +| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | **Set to 2 (two)** +| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | **Set to 2 (two)** +| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | **Set to 2 (two)** +| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | **Set to 2 (two)** +| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | **Set to 2 (two)** +| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | **Set to 2 (two)** +| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) **Set to 2 (two)** | 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | **Set to 2 (two)** -| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | **Set to 2 (two)** +| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | **Set to 2 (two)** | | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | **Set to 2 (two)** | 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**. **Set to 0 (zero)** | 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Turn off **Let apps run in the background**in the UI. **Set to 2 (two)** Note: Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background**to **Force Deny**. From 58e3b0985a177b17cd581b8d7b1a0e0d78ed520b Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 19:19:58 -0700 Subject: [PATCH 65/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ponents-to-microsoft-services-using-MDM.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index fb247848e0..b792fff7f4 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -57,29 +57,29 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [InternetExplorer/DisableHomePageChange]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange) | Determines whether users can change the default Home Page or not. **Set to Enabled** | | [InternetExplorer/DisableFirstRunWizard]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablefirstrunwizard) | Prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. **Set to Enabled** | 9. Live Tiles | [Notifications/DisallowTileNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications)| This policy setting turns off tile notifications. If you enable this policy setting applications and system features will not be able to update their tiles and tile badges in the Start screen. **Set to Enabled** -| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | **Set to 0 (zero)** -| 11. Microsoft Account | [Accounts/AllowMicrosoftAccountSignInAssistant](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant) | Disable the Microsoft Account Sign-In Assistant. **Set to 0 (zero)** +| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | **Set to 0 (zero)** +| 11. Microsoft Account | [Accounts/AllowMicrosoftAccountSignInAssistant](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant) | Disable the Microsoft Account Sign-In Assistant. **Set to 0 (zero)** | 12. Microsoft Edge | | The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies). -| | [Browser/AllowAutoFill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | Choose whether employees can use autofill on websites. **Set to 0 (zero)** -| | [Browser/AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | Choose whether employees can send Do Not Track headers. **Set to 0 (zero)** -| | [Browser/AllowMicrosoftCompatbilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | Specify the Microsoft compatibility list in Microsoft Edge. **Set to 0 (zero)** -| | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices. **Set to 0 (zero)** +| | [Browser/AllowAutoFill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | Choose whether employees can use autofill on websites. **Set to 0 (zero)** +| | [Browser/AllowDoNotTrack](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowdonottrack) | Choose whether employees can send Do Not Track headers. **Set to 0 (zero)** +| | [Browser/AllowMicrosoftCompatbilityList](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowmicrosoftcompatibilitylist) | Specify the Microsoft compatibility list in Microsoft Edge. **Set to 0 (zero)** +| | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices. **Set to 0 (zero)** | | [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | Choose whether the Address Bar shows search suggestions. **Set to 0 (zero)** | | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Choose whether SmartScreen is turned on or off. **Set to 0 (zero)** | 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | **Set to 1 (one)** Note: After you apply this policy you must restart the device for the policy setting to take effect. -| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
**Set to 0 (zero)** +| 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
**Set to 0 (zero)** | | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. **Set to 0 (zero)** -| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)** +| 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)** | 16. Preinstalled apps | N/A | N/A | 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. -| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | Turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**. **Set to 0 (zero)** -| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Turn off **Location for this device**. **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). -| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Turn off **Let apps use my camera**. **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). -| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Turn off **Let apps use my microphone**. **Set to 2 (two)** +| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | **Set to 0 (zero)** +| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | **Set to 2 (two)** | 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** -| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | **Set to 2 (two)** +| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | **Set to 2 (two)** | | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | **Set to Disabled** -| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Turn off updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** +| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Turn off updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** | | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)|This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. **Set to 0 (zero)** | 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | **Set to 2 (two)** | 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | **Set to 2 (two)** From ffc0b9a55704278aa043c8dee40100c489870db1 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 19:21:20 -0700 Subject: [PATCH 66/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ating-system-components-to-microsoft-services-using-MDM.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index b792fff7f4..6fce0ff38f 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -79,7 +79,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** | | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | **Set to 2 (two)** | | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | **Set to Disabled** -| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Turn off updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** +| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | **Set to 0 (zero)** | | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)|This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. **Set to 0 (zero)** | 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | **Set to 2 (two)** | 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | **Set to 2 (two)** @@ -87,7 +87,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | **Set to 2 (two)** | 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | **Set to 2 (two)** | 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | **Set to 2 (two)** -| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) **Set to 2 (two)** +| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) | **Set to 2 (two)** | 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | **Set to 2 (two)** | 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | **Set to 2 (two)** | | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | **Set to 2 (two)** From ea68a77d4e1df00a956171f6b27ee6800b3f16ae Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Fri, 17 May 2019 19:23:38 -0700 Subject: [PATCH 67/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ing-system-components-to-microsoft-services-using-MDM.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 6fce0ff38f..e6236b50f8 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -80,7 +80,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | **Set to 2 (two)** | | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | **Set to Disabled** | 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | **Set to 0 (zero)** -| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)|This policy setting controls the ability to send inking and typing data to Microsoft to improve the language recognition and suggestion capabilities of apps and services running on Windows. **Set to 0 (zero)** +| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| **Set to 0 (zero)** | 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | **Set to 2 (two)** | 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | **Set to 2 (two)** | 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | **Set to 2 (two)** @@ -91,8 +91,8 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | **Set to 2 (two)** | 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | **Set to 2 (two)** | | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | **Set to 2 (two)** -| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Change the level of diagnostic and usage data sent when you **Send your device data to Microsoft**. **Set to 0 (zero)** -| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Turn off **Let apps run in the background**in the UI. **Set to 2 (two)** Note: Some apps, including Cortana and Search, might not function as expected if you set **Let apps run in the background**to **Force Deny**. +| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | **Set to 0 (zero)** +| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | **Set to 2 (two)** | 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | **Set to 2 (two)** | 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks. **Set to 2 (two)** | 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | **Set to 2 (two)** From 998bc3e9947a89016382f12f26e6e960ae389fe4 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 11:42:24 -0700 Subject: [PATCH 68/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index bc3d6f1a45..f7dbf02210 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -43,6 +43,8 @@ Applying the Windows Restricted Traffic Limited Functionality Baseline is the sa It is recommended that you restart a device after making configuration changes to it. Note that **Get Help** and **Give us Feedback** links no longer work after the Windows Restricted Traffic Limited Functionality Baseline is applied. +To use Microsoft InTune cloud based device managment for restricting traffic please refer to the [Manage connections from Windows operating system components to Microsoft services using MDM](https://docs.microsoft.com/en-us/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm). + We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. ## Management options for each setting From b23eb43aecfcfb6a47cacd9e9c5bdd401e3c16e8 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 11:58:57 -0700 Subject: [PATCH 69/90] Update TOC.md --- windows/privacy/TOC.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index 3c6f3b4f16..1503b46220 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -21,9 +21,9 @@ ### [Connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) ### [Connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) ### [Connection endpoints for Windows 10, version 1709](manage-windows-1709-endpoints.md) -### [Windows 10, version 1903, connection endpoints for non-Enterprise editions](windows-endpoints-1903-non-enterprise-editions.md) -### [Windows 10, version 1809, connection endpoints for non-Enterprise editions](windows-endpoints-1809-non-enterprise-editions.md) -### [Windows 10, version 1803, connection endpoints for non-Enterprise editions](windows-endpoints-1803-non-enterprise-editions.md) -### [Windows 10, version 1709, connection endpoints for non-Enterprise editions](windows-endpoints-1709-non-enterprise-editions.md) +### [Connection endpoints for non-Enterprise editions of Windows 10, version 1903](windows-endpoints-1903-non-enterprise-editions.md) +### [Connection endpoints for non-Enterprise editions of Windows 10, version 1809](windows-endpoints-1809-non-enterprise-editions.md) +### [Connection endpoints for non-Enterprise editions of Windows 10, version 1803](windows-endpoints-1803-non-enterprise-editions.md) +### [Connection endpoints for non-Enterprise editions of Windows 10, version 1709](windows-endpoints-1709-non-enterprise-editions.md) ## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) ## [Manage connections from Windows operating system components to Microsoft services using MDM](manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md) From 219da799bd5e827d7ef95ae5bb25cbae6dfc9bd3 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 12:02:11 -0700 Subject: [PATCH 70/90] Update TOC.md --- windows/privacy/TOC.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/windows/privacy/TOC.md b/windows/privacy/TOC.md index 1503b46220..b3981fb3c1 100644 --- a/windows/privacy/TOC.md +++ b/windows/privacy/TOC.md @@ -17,6 +17,8 @@ ### [Windows 10, version 1709 and newer diagnostic data for the Full level](windows-diagnostic-data.md) ### [Windows 10, version 1703 diagnostic data for the Full level](windows-diagnostic-data-1703.md) ## Manage Windows 10 connection endpoints +### [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) +### [Manage connections from Windows operating system components to Microsoft services using MDM](manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md) ### [Connection endpoints for Windows 10, version 1903](manage-windows-1903-endpoints.md) ### [Connection endpoints for Windows 10, version 1809](manage-windows-1809-endpoints.md) ### [Connection endpoints for Windows 10, version 1803](manage-windows-1803-endpoints.md) @@ -25,5 +27,4 @@ ### [Connection endpoints for non-Enterprise editions of Windows 10, version 1809](windows-endpoints-1809-non-enterprise-editions.md) ### [Connection endpoints for non-Enterprise editions of Windows 10, version 1803](windows-endpoints-1803-non-enterprise-editions.md) ### [Connection endpoints for non-Enterprise editions of Windows 10, version 1709](windows-endpoints-1709-non-enterprise-editions.md) -## [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) -## [Manage connections from Windows operating system components to Microsoft services using MDM](manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md) + From 101821908fc113d37d42c300360b340ca8b6f7bb Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 15:22:22 -0700 Subject: [PATCH 71/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ponents-to-microsoft-services-using-MDM.md | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index e6236b50f8..8f37a7aa8b 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -57,7 +57,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [InternetExplorer/DisableHomePageChange]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablehomepagechange) | Determines whether users can change the default Home Page or not. **Set to Enabled** | | [InternetExplorer/DisableFirstRunWizard]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-disablefirstrunwizard) | Prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows. **Set to Enabled** | 9. Live Tiles | [Notifications/DisallowTileNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications)| This policy setting turns off tile notifications. If you enable this policy setting applications and system features will not be able to update their tiles and tile badges in the Start screen. **Set to Enabled** -| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | **Set to 0 (zero)** +| 10. Mail synchronization | [Accounts/AllowMicrosoftAccountConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountconnection) | Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. **Set to 0 (zero)** | 11. Microsoft Account | [Accounts/AllowMicrosoftAccountSignInAssistant](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-accounts#accounts-allowmicrosoftaccountsigninassistant) | Disable the Microsoft Account Sign-In Assistant. **Set to 0 (zero)** | 12. Microsoft Edge | | The following Microsoft Edge MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy/available-policies). | | [Browser/AllowAutoFill](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowautofill) | Choose whether employees can use autofill on websites. **Set to 0 (zero)** @@ -75,27 +75,27 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | **Set to 0 (zero)** | 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). | 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). -| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | **Set to 2 (two)** +| 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Specifies whether Windows apps can access the microphone. **Set to 2 (two)** | 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** -| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | **Set to 2 (two)** -| | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | **Set to Disabled** -| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | **Set to 0 (zero)** -| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| **Set to 0 (zero)** -| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | **Set to 2 (two)** -| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | **Set to 2 (two)** -| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | **Set to 2 (two)** -| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | **Set to 2 (two)** -| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | **Set to 2 (two)** -| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | **Set to 2 (two)** -| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) | **Set to 2 (two)** -| 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | **Set to 2 (two)** -| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | **Set to 2 (two)** -| | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | **Set to 2 (two)** -| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | **Set to 0 (zero)** -| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | **Set to 2 (two)** +| | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)** +| | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Enables or disables the retrieval of online tips and help for the Settings app. **Set to Disabled** +| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Specifies whether the device will receive updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** +| | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| This policy setting controls the ability to send inking and typing data to Microsoft **Set to 0 (zero)** +| 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Specifies whether Windows apps can access account information. **Set to 2 (two)** +| 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Specifies whether Windows apps can access contacts. **Set to 2 (two)** +| 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | Specifies whether Windows apps can access the calendar. **Set to 2 (two)** +| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | Specifies whether Windows apps can access account information.**Set to 2 (two)** +| 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | Specifies whether Windows apps can access email. **Set to 2 (two)** +| 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | Specifies whether Windows apps can read or send messages (text or MMS). **Set to 2 (two)** +| 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) | Specifies whether Windows apps can make phone calls. **Set to 2 (two)** +| 17.14 Radios | [Privacy/LetAppsAccessRadios](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessradios) | Specifies whether Windows apps have access to control radios. **Set to 2 (two)** +| 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | Specifies whether Windows apps can sync with devices. **Set to 2 (two)** +| | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | Specifies whether Windows apps can access trusted devices. **Set to 2 (two)** +| 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Allow the device to send diagnostic and usage telemetry data, such as Watson. **Set to 0 (zero)** +| 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Specifies whether Windows apps can run in the background. **Set to 2 (two)** | 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | **Set to 2 (two)** | 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks. **Set to 2 (two)** -| 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | **Set to 2 (two)** +| 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. **Set to 2 (two)** | 18. Software Protection Platform | [Licensing/DisallowKMSClientOnlineAVSValidation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation) | Opt out of sending KMS client activation data to Microsoft automatically. **Set to 1 (one)** | 19. Storage Health | [Storage/AllowDiskHealthModelUpdates](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates) | Allows disk health model updates. **Set to 0 (zero)** | 20. Sync your settings | [Experience/AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | Control whether your settings are synchronized. **Set to 0 (zero)** From df7b3d61c170cb7b57f4bf788b27b38f66f78c68 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 15:26:50 -0700 Subject: [PATCH 72/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ating-system-components-to-microsoft-services-using-MDM.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 8f37a7aa8b..0f01d0c337 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -48,8 +48,8 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 3. Date & Time | [Settings/AllowDateTime](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowdatetime)| Allows the user to change date and time settings. **Set to 0 (zero)** | 4. Device metadata retrieval | [DeviceInstallation/PreventDeviceMetadataFromNetwork](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deviceinstallation#deviceinstallation-preventdevicemetadatafromnetwork) | Choose whether to prevent Windows from retrieving device metadata from the Internet. **Set to Enabled** | 5. Find My Device | [Experience/AllowFindMyDevice](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowfindmydevice)| This policy turns on Find My Device. **Set to 0 (zero)** -| 6. Font streaming | [System/AllowFontProviders](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowfontproviders) | **Set to 0 (zero)** -| 7. Insider Preview builds | [System/AllowBuildPreview](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview) | **Set to 0 (zero)** +| 6. Font streaming | [System/AllowFontProviders](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowfontproviders) | Setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. **Set to 0 (zero)** +| 7. Insider Preview builds | [System/AllowBuildPreview](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowbuildpreview) | This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. **Set to 0 (zero)** | 8. Internet Explorer | The following Microsoft Internet Explorer MDM policies are available in the [Internet Explorer CSP](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer) | | | [InternetExplorer/AllowSuggestedSites](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-allowsuggestedsites) | Recommends websites based on the user’s browsing activity. **Set to Disabled** | | [InternetExplorer/PreventManagingSmartScreenFilter]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-internetexplorer#internetexplorer-preventmanagingsmartscreenfilter) | Prevents the user from managing SmartScreen Filter, which warns the user if the website being visited is known for fraudulent attempts to gather personal information through "phishing," or is known to host malware. **Set to Enabled** From 90d8d0f993004f5ebba8d90d6cdcca05fe4f81dd Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 17:22:17 -0700 Subject: [PATCH 73/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ating-system-components-to-microsoft-services-using-MDM.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 0f01d0c337..38ee64aa0b 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -99,8 +99,8 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 18. Software Protection Platform | [Licensing/DisallowKMSClientOnlineAVSValidation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation) | Opt out of sending KMS client activation data to Microsoft automatically. **Set to 1 (one)** | 19. Storage Health | [Storage/AllowDiskHealthModelUpdates](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-storage#storage-allowdiskhealthmodelupdates) | Allows disk health model updates. **Set to 0 (zero)** | 20. Sync your settings | [Experience/AllowSyncMySettings](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowsyncmysettings) | Control whether your settings are synchronized. **Set to 0 (zero)** -| 21. Teredo | No MDM needed or required|No MDM needed or required -| 22. Wi-Fi Sense | No MDM needed or required|No MDM needed or required +| 21. Teredo | No MDM needed | Teredo is **Off by default**. Delivery Optimization (DO) can turn on Teredo, but DO itself is turned Off via MDM. +| 22. Wi-Fi Sense | No MDM needed | Wi-Fi Sense is no longer available from Windows 10 version 1803 and newer. | 23. Windows Defender | [Defender/AllowCloudProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection) | Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)** | | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. **Set to 2 (two)** | 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. **Set to 0 (zero)** From 2ccd9554f1f3437a7a2731eb30a8246f968d4ffd Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 17:24:42 -0700 Subject: [PATCH 74/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...erating-system-components-to-microsoft-services-using-MDM.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 38ee64aa0b..17d8702e1c 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -72,7 +72,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)** | 16. Preinstalled apps | N/A | N/A | 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. -| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | **Set to 0 (zero)** +| 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | This policy setting controls the ability to send inking and typing data to Microsoft. **Set to 0 (zero)** | 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). | 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). | 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Specifies whether Windows apps can access the microphone. **Set to 2 (two)** From 86813c5e5c116286293a263b10c324fa5e16f261 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 17:28:42 -0700 Subject: [PATCH 75/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ing-system-components-to-microsoft-services-using-MDM.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 17d8702e1c..ce24ada4b1 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -66,15 +66,15 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [Browser/AllowPasswordManager](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowpasswordmanager) | Choose whether employees can save passwords locally on their devices. **Set to 0 (zero)** | | [Browser/AllowSearchSuggestionsinAddressBar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsearchsuggestionsinaddressbar) | Choose whether the Address Bar shows search suggestions. **Set to 0 (zero)** | | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Choose whether SmartScreen is turned on or off. **Set to 0 (zero)** -| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | **Set to 1 (one)** Note: After you apply this policy you must restart the device for the policy setting to take effect. +| 13. Network Connection Status Indicator | [Connectivity/DisallowNetworkConnectivityActiveTests](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-connectivity#connectivity-disallownetworkconnectivityactivetests) | Note: After you apply this policy you must restart the device for the policy setting to take effect. **Set to 1 (one)** | 14. Offline maps | [AllowOfflineMapsDownloadOverMeteredConnection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps)|Allows the download and update of map data over metered connections.
**Set to 0 (zero)** | | [EnableOfflineMapsAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-maps#maps-enableofflinemapsautoupdate)|Disables the automatic download and update of map data. **Set to 0 (zero)** | 15. OneDrive | [DisableOneDriveFileSync](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-disableonedrivefilesync)| Allows IT Admins to prevent apps and features from working with files on OneDrive. **Set to 1 (one)** | 16. Preinstalled apps | N/A | N/A | 17. Privacy settings | | Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. | 17.1 General | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection) | This policy setting controls the ability to send inking and typing data to Microsoft. **Set to 0 (zero)** -| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). -| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | **Set to 0 (zero)** Note: You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](https://msdn.microsoft.com/library/dn905224.aspx). +| 17.2 Location | [System/AllowLocation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowlocation) | Specifies whether to allow app access to the Location service. **Set to 0 (zero)** +| 17.3 Camera | [Camera/AllowCamera](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-camera#camera-allowcamera) | Disables or enables the camera. **Set to 0 (zero)** | 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Specifies whether Windows apps can access the microphone. **Set to 2 (two)** | 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** | | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)** From 2af7e414907146cc401bb1319647b0860eb76e5f Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 17:30:05 -0700 Subject: [PATCH 76/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...erating-system-components-to-microsoft-services-using-MDM.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index ce24ada4b1..4ed4c5bf4b 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -93,7 +93,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | Specifies whether Windows apps can access trusted devices. **Set to 2 (two)** | 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Allow the device to send diagnostic and usage telemetry data, such as Watson. **Set to 0 (zero)** | 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Specifies whether Windows apps can run in the background. **Set to 2 (two)** -| 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | **Set to 2 (two)** +| 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | Specifies whether Windows apps can access motion data. **Set to 2 (two)** | 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks. **Set to 2 (two)** | 17.20 App Diagnostics | [Privacy/LetAppsGetDiagnosticInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsgetdiagnosticinfo) | Force allow, force deny or give user control of apps that can get diagnostic information about other running apps. **Set to 2 (two)** | 18. Software Protection Platform | [Licensing/DisallowKMSClientOnlineAVSValidation](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-licensing#licensing-disallowkmsclientonlineavsvalidation) | Opt out of sending KMS client activation data to Microsoft automatically. **Set to 1 (one)** From 88bf10adf04bae835a6c77e640afac94094928d9 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 17:32:06 -0700 Subject: [PATCH 77/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ating-system-components-to-microsoft-services-using-MDM.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 4ed4c5bf4b..972eaa2038 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -104,7 +104,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 23. Windows Defender | [Defender/AllowCloudProtection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-allowcloudprotection) | Disconnect from the Microsoft Antimalware Protection Service. **Set to 0 (zero)** | | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. **Set to 2 (two)** | 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. **Set to 0 (zero)** -| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store **Set to 0 (zero)** +| 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)** | 24. Windows Media Player | N/A | N/A | 25. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. **Set to 0 (zero)** | 26. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)** @@ -112,7 +112,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 26.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)** | 27. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). | | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)** -| 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates**Set to 5 (five)** +| 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)** ### Allowed traffic (aka "Whitelisted") for Microsoft InTune / MDM configurations From fef188631a53a41e2d13bbe8f64f93b1a4db5d9c Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 17:35:51 -0700 Subject: [PATCH 78/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...ating-system-components-to-microsoft-services-using-MDM.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 972eaa2038..9e17cd20d0 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -79,12 +79,12 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** | | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)** | | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Enables or disables the retrieval of online tips and help for the Settings app. **Set to Disabled** -| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Specifies whether the device will receive updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** +| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Specifies whether the device will receive updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** | | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| This policy setting controls the ability to send inking and typing data to Microsoft **Set to 0 (zero)** | 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Specifies whether Windows apps can access account information. **Set to 2 (two)** | 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Specifies whether Windows apps can access contacts. **Set to 2 (two)** | 17.9 Calendar | [Privacy/LetAppsAccessCalendar](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscalendar) | Specifies whether Windows apps can access the calendar. **Set to 2 (two)** -| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | Specifies whether Windows apps can access account information.**Set to 2 (two)** +| 17.10 Call history | [Privacy/LetAppsAccessCallHistory](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscallhistory) | Specifies whether Windows apps can access account information. **Set to 2 (two)** | 17.11 Email | [Privacy/LetAppsAccessEmail](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessemail) | Specifies whether Windows apps can access email. **Set to 2 (two)** | 17.12 Messaging | [Privacy/LetAppsAccessMessaging](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmessaging) | Specifies whether Windows apps can read or send messages (text or MMS). **Set to 2 (two)** | 17.13 Phone calls | [Privacy/LetAppsAccessPhone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessphone) | Specifies whether Windows apps can make phone calls. **Set to 2 (two)** From 19d1241a1d6717ab90f685d1ebe549d7719bad9c Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 17:37:57 -0700 Subject: [PATCH 79/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...stem-components-to-microsoft-services-using-MDM.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 9e17cd20d0..f754e4e9a5 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -105,14 +105,13 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | | [Defender/SubmitSamplesConsent](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-defender#defender-submitsamplesconsent) | Stop sending file samples back to Microsoft. **Set to 2 (two)** | 23.1 Windows Defender Smartscreen | [Browser/AllowSmartScreen](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-browser#browser-allowsmartscreen) | Disable Windows Defender Smartscreen. **Set to 0 (zero)** | 23.2 Windows Defender Smartscreen EnableAppInstallControl | [SmartScreen/EnableAppInstallControl](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-smartscreen#smartscreen-enableappinstallcontrol) | Controls whether users are allowed to install apps from places other than the Microsoft Store. **Set to 0 (zero)** -| 24. Windows Media Player | N/A | N/A -| 25. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. **Set to 0 (zero)** -| 26. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)** +| 24. Windows Spotlight | [Experience/AllowWindowsSpotlight](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-allowwindowsspotlight) | Disable Windows Spotlight. **Set to 0 (zero)** +| 25. Microsoft Store | [ApplicationManagement/DisableStoreOriginatedApps](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-disablestoreoriginatedapps)| Boolean value that disables the launch of all apps from Microsoft Store that came pre-installed or were downloaded. **Set to 1 (one)** | | [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)| Specifies whether automatic update of apps from Microsoft Store are allowed. **Set to 0 (zero)** -| 26.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)** -| 27. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). +| 25.1 Apps for websites | [ApplicationDefaults/EnableAppUriHandlers](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-applicationdefaults#applicationdefaults-enableappurihandlers) | This policy setting determines whether Windows supports web-to-app linking with app URI handlers. **Set to 0 (zero)** +| 26. Windows Update Delivery Optimization | | The following Delivery Optimization MDM policies are available in the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). | | [DeliveryOptimization/DODownloadMode](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-deliveryoptimization#deliveryoptimization-dodownloadmode)| Lets you choose where Delivery Optimization gets or sends updates and apps. **Set to 100 (one hundred)** -| 28. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)** +| 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)** ### Allowed traffic (aka "Whitelisted") for Microsoft InTune / MDM configurations From f56e50a3f786b2c1547b7c754b441dc78e4560ff Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 19:06:33 -0700 Subject: [PATCH 80/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...erating-system-components-to-microsoft-services-using-MDM.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index f754e4e9a5..6170aa0169 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -78,7 +78,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 17.4 Microphone | [Privacy/LetAppsAccessMicrophone](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmicrophone) | Specifies whether Windows apps can access the microphone. **Set to 2 (two)** | 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** | | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)** -| | [Settings/Notifications & actions/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Enables or disables the retrieval of online tips and help for the Settings app. **Set to Disabled** +| | [Settings/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Enables or disables the retrieval of online tips and help for the Settings app. **Set to Disabled** | 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Specifies whether the device will receive updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** | | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| This policy setting controls the ability to send inking and typing data to Microsoft **Set to 0 (zero)** | 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Specifies whether Windows apps can access account information. **Set to 2 (two)** From 8ed44423b0d1c33d15b709ac9d10c46f24df42a3 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 19:38:15 -0700 Subject: [PATCH 81/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...rating-system-components-to-microsoft-services.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index f7dbf02210..b31f45fa4d 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -457,7 +457,9 @@ You can also use Registry keys to set these policies. | Turn off background synchronization for feeds and Web Slices | HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Feeds
REG_DWORD: BackgroundSyncStatus
**Set Value to 0**| | Allow Online Tips | HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer
REG_DWORD: AllowOnlineTips
**Set Value to 0 (zero)**| -To turn off the home page, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank**. +To turn off the home page: + +- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank** -or - @@ -468,14 +470,18 @@ To turn off the home page, **Enable** the Group Policy: **User Configuration** > - Create a new REG_DWORD registry setting named **HomePage** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Control Panel** with a **1 (one)** -To configure the First Run Wizard, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page**. +To configure the First Run Wizard: + +- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page** -or - - Create a new REG_DWORD registry setting named **DisableFirstRunCustomize** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **1 (one)** -To configure the behavior for a new tab, **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank**. +To configure the behavior for a new tab: + +- **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank** -or - From b9061d8a582bf45643e87b10dce34bfa9e0a82da Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Mon, 20 May 2019 19:40:37 -0700 Subject: [PATCH 82/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...s-operating-system-components-to-microsoft-services.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index b31f45fa4d..f939752bec 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -461,7 +461,7 @@ To turn off the home page: - **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Disable changing home page settings**, and set it to **about:blank** - -or - + -or- - Create a new REG_SZ registry setting named **Start Page** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **about:blank** @@ -474,7 +474,7 @@ To configure the First Run Wizard: - **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Prevent running First Run wizard**, and set it to **Go directly to home page** - -or - + -or- - Create a new REG_DWORD registry setting named **DisableFirstRunCustomize** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\Main** with a **1 (one)** @@ -483,7 +483,7 @@ To configure the behavior for a new tab: - **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Specify default behavior for a new tab**, and set it to **about:blank** - -or - + -or- - Create a new REG_DWORD registry setting named **NewTabPageShow** in **HKEY_Current_User\\SOFTWARE\\Policies\\Microsoft\\Internet Explorer\\TabbedBrowsing** with a **0 (zero)** @@ -496,7 +496,7 @@ You can turn this off by: - **Enable** the Group Policy: **User Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Security Features** > **Add-on Management** > **Turn off Automatic download of the ActiveX VersionList** - -or - + -or- - Changing the REG_DWORD registry setting **HKEY_CURRENT_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to **0 (zero)**. From 77130a267200c42db7186e15a07f478f9c64c23a Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 21 May 2019 00:01:44 -0700 Subject: [PATCH 83/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index f939752bec..0c1bdaf9dc 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1061,7 +1061,7 @@ To turn off voice dictation, speaking to Cortana and other apps, or sending voic - Create a REG_DWORD registry setting named **HasAccepted** in **HKEY_CURRENT_USER\\Software\\Microsoft\\Speech_OneCore\\Settings\\OnlineSpeechPrivacy** with a **value of 0 (zero)** -If you're running at Windows 10, version 1703 up to Windows 10, version 1803, you can turn off updates to the speech recognition and speech synthesis models: +If you're running at Windows 10, version 1703 up to and including Windows 10, version 1803, you can turn off updates to the speech recognition and speech synthesis models: - **Disable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Speech** > **Allow automatic update of Speech Data** From c48b73a3b05c319fe0bcd846182001a728d2ed6f Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 21 May 2019 00:32:24 -0700 Subject: [PATCH 84/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ndows-operating-system-components-to-microsoft-services.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 0c1bdaf9dc..0e8aabd32d 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1019,9 +1019,7 @@ To turn off **Choose apps that can use your microphone**: To turn off notifications network usage: -- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn off Notifications network usage** - - - Set to **Enabled**. +- **Enable** the Group Policy: **Computer Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn off Notifications network usage** -or- From 34af4ece5bfa2703ca1ce198cb0ea672295c41b9 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 21 May 2019 00:47:28 -0700 Subject: [PATCH 85/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...ndows-operating-system-components-to-microsoft-services.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 0e8aabd32d..5ea6dcf94c 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1660,7 +1660,9 @@ You can turn off **Enhanced Notifications** as follows: To disable Windows Defender Smartscreen: -- In Group Policy, configure - **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen** to be **Disabled** +In Group Policy, configure: + +- **Computer Configuration > Administrative Templates > Windows Components > Windows Defender SmartScreen > Explorer > Configure Windows Defender SmartScreen** to be **Disabled** -and- From 858a990def2f94de1747fd1a0a3159cd7af1ad35 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 21 May 2019 01:20:30 -0700 Subject: [PATCH 86/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 5ea6dcf94c..9b3f4b2747 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1885,7 +1885,7 @@ You can turn off Windows Update by setting the following registry entries: - Set the Group Policy **User Configuration** > **Administrative Templates** > **Windows Components** > **Windows Update** > **Remove access to use all Windows Update features** to **Enabled** and then set **Computer Configurations** to **0 (zero)**. -You can turn off automatic updates by doing one of the following. This is not recommended. +You can turn off automatic updates by doing the following. This is not recommended. - Add a REG_DWORD value named **AutoDownload** to **HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5. From 0e87eee9e715738c9df88923daa683e63684369e Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 21 May 2019 02:33:37 -0700 Subject: [PATCH 87/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...rating-system-components-to-microsoft-services-using-MDM.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index 6170aa0169..cd2016076a 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -79,7 +79,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 17.5 Notifications | [Notifications/DisallowCloudNotification](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-notifications#notifications-disallowcloudnotification) | Turn off notifications network usage. **DO NOT TURN OFF WNS Notifications if you want manage your device(s) using Microsoft InTune** | | [Privacy/LetAppsAccessNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessnotifications) | Specifies whether Windows apps can access notifications. **Set to 2 (two)** | | [Settings/AllowOnlineTips]( https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-settings#settings-allowonlinetips) | Enables or disables the retrieval of online tips and help for the Settings app. **Set to Disabled** -| 17.6 Speech, Inking, & Typing | [Speech/AllowSpeechModelUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-speech#speech-allowspeechmodelupdate) | Specifies whether the device will receive updates to the speech recognition and speech synthesis models. **Set to 0 (zero)** +| 17.6 Speech, Inking, & Typing | [Privacy/AllowInputPersonalization](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-allowinputpersonalization) | This policy specifies whether users on the device have the option to enable online speech recognition. **Set to 0 (zero)** | | [TextInput/AllowLinguisticDataCollection](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-textinput#textinput-allowlinguisticdatacollection)| This policy setting controls the ability to send inking and typing data to Microsoft **Set to 0 (zero)** | 17.7 Account info | [Privacy/LetAppsAccessAccountInfo](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessaccountinfo) | Specifies whether Windows apps can access account information. **Set to 2 (two)** | 17.8 Contacts | [Privacy/LetAppsAccessContacts](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesscontacts) | Specifies whether Windows apps can access contacts. **Set to 2 (two)** @@ -92,6 +92,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 17.15 Other devices | [Privacy/LetAppsSyncWithDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappssyncwithdevices) | Specifies whether Windows apps can sync with devices. **Set to 2 (two)** | | [Privacy/LetAppsAccessTrustedDevices](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstrusteddevices) | Specifies whether Windows apps can access trusted devices. **Set to 2 (two)** | 17.16 Feedback & diagnostics | [System/AllowTelemetry](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | Allow the device to send diagnostic and usage telemetry data, such as Watson. **Set to 0 (zero)** +| | [Experience/DoNotShowFeedbackNotifications](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-experience#experience-donotshowfeedbacknotifications)| Prevents devices from showing feedback questions from Microsoft. **Set to 1 (one)** | 17.17 Background apps | [Privacy/LetAppsRunInBackground](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsruninbackground) | Specifies whether Windows apps can run in the background. **Set to 2 (two)** | 17.18 Motion | [Privacy/LetAppsAccessMotion](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccessmotion) | Specifies whether Windows apps can access motion data. **Set to 2 (two)** | 17.19 Tasks | [Privacy/LetAppsAccessTasks](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-privacy#privacy-letappsaccesstasks) | Turn off the ability to choose which apps have access to tasks. **Set to 2 (two)** From d31a135f198fbbfb2db4447c69e6a85df11e753e Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 21 May 2019 02:34:44 -0700 Subject: [PATCH 88/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md --- ...erating-system-components-to-microsoft-services-using-MDM.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md index cd2016076a..53034ea742 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-MDM.md @@ -115,7 +115,7 @@ For Windows 10, the following MDM policies are available in the [Policy CSP](htt | 27. Windows Update | [Update/AllowAutoUpdate](https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-update#update-allowautoupdate) | Control automatic updates. **Set to 5 (five)** -### Allowed traffic (aka "Whitelisted") for Microsoft InTune / MDM configurations +### Allowed traffic ("Whitelisted traffic") for Microsoft InTune / MDM configurations |**Allowed traffic endpoints** | | --- | From 74ad9ceabd7c288dfbd01161e0866c035b35f0f3 Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 21 May 2019 09:22:12 -0700 Subject: [PATCH 89/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 9b3f4b2747..6d68ff8d29 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1046,7 +1046,7 @@ To turn off **Let apps access my notifications**: In the **Speech** area, you can configure the functionality as such: -To turn off voice dictation, speaking to Cortana and other apps, or sending voice input to Microsoft Speech services: +To turn off using your voice for dictation and to talk to Cortana and other apps and sending your voice input to Microsoft Speech services: - Toggle the Settings -> Privacy -> Speech -> **Online speech recognition** switch to **Off** From a1b8af84adb8e8842473f6349e4c6aca95348a6d Mon Sep 17 00:00:00 2001 From: Mike Edgar <49731348+medgarmedgar@users.noreply.github.com> Date: Tue, 21 May 2019 10:57:13 -0700 Subject: [PATCH 90/90] Update manage-connections-from-windows-operating-system-components-to-microsoft-services.md --- ...windows-operating-system-components-to-microsoft-services.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md index 6d68ff8d29..8f196beb9f 100644 --- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md +++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md @@ -1046,7 +1046,7 @@ To turn off **Let apps access my notifications**: In the **Speech** area, you can configure the functionality as such: -To turn off using your voice for dictation and to talk to Cortana and other apps and sending your voice input to Microsoft Speech services: +To turn off dictation of your voice, speaking to Cortana and other apps, and to prevent sending your voice input to Microsoft Speech services: - Toggle the Settings -> Privacy -> Speech -> **Online speech recognition** switch to **Off**