deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 10:53:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Merge branch 'master' of https://cpubwin.visualstudio.com/_git/it-client into microsoft-edge-preview

Browse Source
This commit is contained in:
Patti Short
2018-08-06 09:49:50 -07:00
parent 49fc40e36d 9dff421464
commit 99e7c68bf5
57 changed files with 653 additions and 277 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -9,7 +9,7 @@ ms.pagetype: devices
author: jdeckerms
ms.localizationpriority: medium
ms.author: jdecker
ms.date: 11/28/2017
ms.date: 08/02/2018
---
# Connect to remote Azure Active Directory-joined PC
@ -45,6 +45,9 @@ From its release, Windows 10 has supported remote connections to PCs that are jo
4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
>[!TIP]
>When you connect to the remote PC, enter your account name in this format: `AzureADName\YourAccountName`.
## Supported configurations

2
windows/client-management/mdm/enterprisemodernappmanagement-csp.md
View File

@ -366,7 +366,7 @@ This setting allows the IT admin to set an app to be nonremovable, or unable to
NonRemovable requires admin permission. This can only be set per device, not per user. You can query the setting using AppInventoryQuery or AppInventoryResults.
Value type is integer. Supported operations are Add, Get, Replace, and Delete.
Value type is integer. Supported operations are Add, Get, and Replace.
Valid values:
- 0 app is not in the nonremovable app policy list

1
windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
View File

@ -495,7 +495,6 @@ The XML below is for Windows 10, next major version.
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DFFormat>

129
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -27,6 +27,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [What's new in Windows 10, version 1703](#whatsnew10)
- [What's new in Windows 10, version 1709](#whatsnew1709)
- [What's new in Windows 10, version 1803](#whatsnew1803)
- [What's new in Windows 10, next major version](#whatsnewnext)
- [Change history in MDM documentation](#change-history-in-mdm-documentation)
- [Breaking changes and known issues](#breaking-changes-and-known-issues)
- [Get command inside an atomic command is not supported](#getcommand)
@ -1357,6 +1358,101 @@ For details about Microsoft mobile device management protocols for Windows 10 s
</tbody>
</table>
## <a href="" id="whatsnewnext"></a>What's new in Windows 10, next major version
<table class="mx-tdBreakAll">
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<thead>
<tr class="header">
<th>New or updated topic</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
<td style="vertical-align:top"><p>Added the following new policies in Windows 10, next major version:</p>
<ul>
<li>ApplicationManagement/LaunchAppAfterLogOn</li>
<li>ApplicationManagement/ScheduleForceRestartForUpdateFailures </li>
<li>Authentication/EnableFastFirstSignIn</li>
<li>Authentication/EnableWebSignIn</li>
<li>Authentication/PreferredAadTenantDomainName</li>
<li>Defender/CheckForSignaturesBeforeRunningScan</li>
<li>Defender/DisableCatchupFullScan </li>
<li>Defender/DisableCatchupQuickScan </li>
<li>Defender/EnableLowCPUPriority</li>
<li>Defender/SignatureUpdateFallbackOrder</li>
<li>Defender/SignatureUpdateFileSharesSources</li>
<li>DeviceGuard/EnableSystemGuard</li>
<li>DeviceInstallation/AllowInstallationOfMatchingDeviceIDs</li>
<li>DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses</li>
<li>DeviceInstallation/PreventDeviceMetadataFromNetwork</li>
<li>DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings</li>
<li>DmaGuard/DeviceEnumerationPolicy</li>
<li>Experience/AllowClipboardHistory</li>
<li>Experience/DoNotSyncBrowserSetting</li>
<li>Experience/PreventUsersFromTurningOnBrowserSyncing</li>
<li>Security/RecoveryEnvironmentAuthentication</li>
<li>TaskManager/AllowEndTask</li>
<li>Update/EngagedRestartDeadlineForFeatureUpdates</li>
<li>Update/EngagedRestartSnoozeScheduleForFeatureUpdates</li>
<li>Update/EngagedRestartTransitionScheduleForFeatureUpdates</li>
<li>Update/SetDisablePauseUXAccess</li>
<li>Update/SetDisableUXWUAccess</li>
<li>WindowsDefenderSecurityCenter/DisableClearTpmButton</li>
<li>WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning</li>
<li>WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl</li>
<li>WindowsLogon/DontDisplayNetworkSelectionUI</li>
</ul>
</td></tr>
<tr>
<td style="vertical-align:top">[PassportForWork CSP](passportforwork-csp.md)</td>
<td style="vertical-align:top"><p>Added new settings in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)</td>
<td style="vertical-align:top"><p>Added NonRemovable setting under AppManagement node in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md)</td>
<td style="vertical-align:top"><p>Added new configuration service provider in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[WindowsLicensing CSP](windowslicensing-csp.md)</td>
<td style="vertical-align:top"><p>Added S mode settings and SyncML examples in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[SUPL CSP](supl-csp.md)</td>
<td style="vertical-align:top"><p>Added 3 new certificate nodes in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Defender CSP](defender-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node Health/ProductStatus in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node AllowStandardUserEncryption in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[DevDetail CSP](devdetail-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node SMBIOSSerialNumber in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Wifi CSP](wifi-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node WifiCost in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
<td style="vertical-align:top"><p>Added new settings in Windows 10, next major version.</p>
</td></tr>
</tbody>
</table>
## Breaking changes and known issues
### <a href="" id="getcommand"></a>Get command inside an atomic command is not supported
@ -1623,6 +1719,35 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
## Change history in MDM documentation
### August 2018
<table class="mx-tdBreakAll">
<colgroup>
<col width="25%" />
<col width="75%" />
</colgroup>
<thead>
<tr class="header">
<th>New or updated topic</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
<td style="vertical-align:top"><p>Added new settings in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
<td style="vertical-align:top"><p>Added the following new policies in Windows 10, next major version:</p>
<ul>
<li>Experience/DoNotSyncBrowserSetting</li>
<li>Experience/PreventUsersFromTurningOnBrowserSyncing</li>
</ul>
</td></tr>
</tbody>
</table>
### July 2018
<table class="mx-tdBreakAll">
@ -1729,7 +1854,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
<tbody>
<tr>
<td style="vertical-align:top">[Wifi CSP](wifi-csp.md)</td>
<td style="vertical-align:top"><p>Added a new node WifiCost.</p>
<td style="vertical-align:top"><p>Added a new node WifiCost in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Diagnose MDM failures in Windows 10](diagnose-mdm-failures-in-windows-10.md)</td>
@ -1741,7 +1866,7 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</td></tr>
<tr>
<td style="vertical-align:top">[Bitlocker CSP](bitlocker-csp.md)</td>
<td style="vertical-align:top"><p>Added new node AllowStandardUserEncryption.</p>
<td style="vertical-align:top"><p>Added new node AllowStandardUserEncryption in Windows 10, next major version.</p>
</td></tr>
<tr>
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>

571
windows/client-management/mdm/policy-ddf-file.md
View File

@ -7,7 +7,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: MariciaAlforque
ms.date: 07/03/2018
ms.date: 08/03/2018
---
# Policy DDF file
@ -1406,30 +1406,6 @@ Related policy:
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ForceEnabledExtensions</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>This setting lets you decide which extensions should be always enabled.</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>HomePages</NodeName>
<DFProperties>
@ -1654,6 +1630,47 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PreventTurningOffRequiredExtensions</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
<DFProperties>
@ -8614,6 +8631,52 @@ Related policy:
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Privacy</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>DisablePrivacyExperience</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Security</NodeName>
<DFProperties>
@ -10528,34 +10591,6 @@ Related policy:
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>ForceEnabledExtensions</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue></DefaultValue>
<Description>This setting lets you decide which extensions should be always enabled.</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>ForceEnabledExtensions_List</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>ForceEnabledExtensions</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>HomePages</NodeName>
<DFProperties>
@ -10806,6 +10841,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
<MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>PreventTurningOffRequiredExtensions</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue></DefaultValue>
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>PreventTurningOffRequiredExtensions_Prompt</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>PreventTurningOffRequiredExtensions</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
<DFProperties>
@ -18546,6 +18626,54 @@ Related policy:
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Privacy</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>DisablePrivacyExperience</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>OOBE.admx</MSFT:ADMXMapped>
<MSFT:ADMXCategory>OOBE~AT~WindowsComponents~OOBE</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>DisablePrivacyExperience</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Security</NodeName>
<DFProperties>
@ -22272,30 +22400,6 @@ Related policy:
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ForceEnabledExtensions</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>This setting lets you decide which extensions should be always enabled.</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>HomePages</NodeName>
<DFProperties>
@ -22520,6 +22624,47 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PreventTurningOffRequiredExtensions</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
<DFProperties>
@ -27063,7 +27208,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</DFProperties>
</Node>
<Node>
<NodeName>DoNotSyncBrowserSetting</NodeName>
<NodeName>DoNotSyncBrowserSettings</NodeName>
<DFProperties>
<AccessType>
<Add />
@ -27098,7 +27243,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
<Replace />
</AccessType>
<Description>You can configure Microsoft Edge to allow users to turn on the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. When enabled and you enable the Do not sync browser setting policy, browser settings sync automatically. If disabled, users have the option to sync the browser settings.
Related policy: DoNotSyncBrowserSetting
Related policy: DoNotSyncBrowserSettings
1 (default) = Do not allow users to turn on syncing, 0 = Allows users to turn on syncing</Description>
<DFFormat>
<int/>
@ -34352,38 +34497,6 @@ Default: Disabled.</Description>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Microsoft network server: Amount of idle time required before suspending a session
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.
For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsAlways</NodeName>
<DFProperties>
@ -36623,6 +36736,30 @@ The options are:
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DisablePrivacyExperience</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>EnableActivityFeed</NodeName>
<DFProperties>
@ -41468,6 +41605,30 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>AllowDeviceNameInDiagnosticData</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>AllowEmbeddedMode</NodeName>
<DFProperties>
@ -44073,7 +44234,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
</DFProperties>
</Node>
<Node>
<NodeName>UpdateNotificationKioskMode</NodeName>
<NodeName>UpdateNotificationLevel</NodeName>
<DFProperties>
<AccessType>
<Add />
@ -49551,34 +49712,6 @@ Related policy:
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>ForceEnabledExtensions</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue></DefaultValue>
<Description>This setting lets you decide which extensions should be always enabled.</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>ForceEnabledExtensions_List</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>ForceEnabledExtensions</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>HomePages</NodeName>
<DFProperties>
@ -49829,6 +49962,51 @@ Due to Protected Settings (aka.ms/browserpolicy), this policy will only apply on
<MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>PreventTurningOffRequiredExtensions</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue></DefaultValue>
<Description>You can define a list of extensions in Microsoft Edge that users cannot turn off. You must deploy extensions through any available enterprise deployment channel, such as Microsoft Intune. When you enable this policy, users cannot uninstall extensions from their computer, but they can configure options for extensions defined in this policy, such as allow for InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically.
When you enable this policy, you must provide a semi-colon delimited list of extension package family names (PFNs). For example, adding Microsoft.OneNoteWebClipper_8wekyb3d8bbwe;Microsoft.OfficeOnline_8wekyb3d8bbwe prevents a user from turning off the OneNote Web Clipper and Office Online extension.
When enabled, removing extensions from the list does not uninstall the extension from the users computer automatically. To uninstall the extension, use any available enterprise deployment channel.
If you enable the Allow Developer Tools policy, then this policy does not prevent users from debugging and altering the logic on an extension.
If disabled or not configured, extensions defined as part of this policy get ignored.
Default setting: Disabled or not configured
Related policies: Allow Developer Tools
Related Documents:
- Find a package family name (PFN) for per-app VPN (https://docs.microsoft.com/en-us/sccm/protect/deploy-use/find-a-pfn-for-per-app-vpn)
- How to manage apps you purchased from the Microsoft Store for Business with Microsoft Intune (https://docs.microsoft.com/en-us/intune/windows-store-for-business)
- How to assign apps to groups with Microsoft Intune (https://docs.microsoft.com/en-us/intune/apps-deploy)
- Manage apps from the Microsoft Store for Business with System Center Configuration Manager (https://docs.microsoft.com/en-us/sccm/apps/deploy-use/manage-apps-from-the-windows-store-for-business)
- How to add Windows line-of-business (LOB) apps to Microsoft Intune (https://docs.microsoft.com/en-us/intune/lob-apps-windows)</Description>
<DFFormat>
<chr/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>MicrosoftEdge.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>PreventTurningOffRequiredExtensions_Prompt</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>MicrosoftEdge~AT~WindowsComponents~MicrosoftEdge</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>PreventTurningOffRequiredExtensions</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>PreventUsingLocalHostIPAddressForWebRTC</NodeName>
<DFProperties>
@ -54899,7 +55077,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</DFProperties>
</Node>
<Node>
<NodeName>DoNotSyncBrowserSetting</NodeName>
<NodeName>DoNotSyncBrowserSettings</NodeName>
<DFProperties>
<AccessType>
<Get />
@ -54935,7 +55113,7 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor
</AccessType>
<DefaultValue>1</DefaultValue>
<Description>You can configure Microsoft Edge to allow users to turn on the Sync your Settings option to sync information, such as history and favorites, between user&apos;s devices. When enabled and you enable the Do not sync browser setting policy, browser settings sync automatically. If disabled, users have the option to sync the browser settings.
Related policy: DoNotSyncBrowserSetting
Related policy: DoNotSyncBrowserSettings
1 (default) = Do not allow users to turn on syncing, 0 = Allows users to turn on syncing</Description>
<DFFormat>
<int/>
@ -63004,41 +63182,6 @@ Default: Disabled.</Description>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>15</DefaultValue>
<Description>Microsoft network server: Amount of idle time required before suspending a session
This security setting determines the amount of continuous idle time that must pass in a Server Message Block (SMB) session before the session is suspended due to inactivity.
Administrators can use this policy to control when a computer suspends an inactive SMB session. If client activity resumes, the session is automatically reestablished.
For this policy setting, a value of 0 means to disconnect an idle session as quickly as is reasonably possible. The maximum value is 99999, which is 208 days; in effect, this value disables the policy.
Default:This policy is not defined, which means that the system treats it as 15 minutes for servers and undefined for workstations.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="99999"></MSFT:SupportedValues>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:GPRegistryMappedCategory>Windows Settings~Security Settings~Local Policies~Security Options</MSFT:GPRegistryMappedCategory>
<MSFT:GPRegistryMappedName>Microsoft network server: Amount of idle time required before suspending session</MSFT:GPRegistryMappedName>
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>MicrosoftNetworkServer_DigitallySignCommunicationsAlways</NodeName>
<DFProperties>
@ -63402,7 +63545,7 @@ This setting can affect the ability of computers running Windows 2000 Server, Wi
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<DefaultValue>3</DefaultValue>
<Description>Network security LAN Manager authentication level
This security setting determines which challenge/response authentication protocol is used for network logons. This choice affects the level of authentication protocol used by clients, the level of session security negotiated, and the level of authentication accepted by servers as follows:
@ -63455,7 +63598,7 @@ Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2: Send
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<DefaultValue>536870912</DefaultValue>
<Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) clients
This security setting allows a client to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
@ -63493,7 +63636,7 @@ Windows 7 and Windows Server 2008 R2: Require 128-bit encryption</Description>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<DefaultValue>536870912</DefaultValue>
<Description>Network security: Minimum session security for NTLM SSP based (including secure RPC) servers
This security setting allows a server to require the negotiation of 128-bit encryption and/or NTLMv2 session security. These values are dependent on the LAN Manager Authentication Level security setting value. The options are:
@ -65452,6 +65595,34 @@ The options are:
<MSFT:ConflictResolution>LowestValueMostSecureZeroHasNoLimits</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>DisablePrivacyExperience</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>Enabling this policy prevents the privacy experience from launching during user logon for new and upgraded users.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>OOBE.admx</MSFT:ADMXMapped>
<MSFT:ADMXCategory>OOBE~AT~WindowsComponents~OOBE</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>DisablePrivacyExperience</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>EnableActivityFeed</NodeName>
<DFProperties>
@ -69810,12 +69981,12 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:SupportedValues low="0" high="3"></MSFT:SupportedValues>
<MSFT:NotSupportedOnPlatform>phone</MSFT:NotSupportedOnPlatform>
<MSFT:ADMXMapped>SmartScreen.admx</MSFT:ADMXMapped>
<MSFT:ADMXCategory>SmartScreen~AT~WindowsComponents~SmartScreen~Shell</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>ConfigureAppInstallControl</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>HighestValueMostSecure</MSFT:ConflictResolution>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
@ -70823,6 +70994,34 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>AllowDeviceNameInDiagnosticData</NodeName>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DefaultValue>0</DefaultValue>
<Description>This policy allows the device name to be sent to Microsoft as part of Windows diagnostic data. If you disable or do not configure this policy setting, then device name will not be sent to Microsoft as part of Windows diagnostic data.</Description>
<DFFormat>
<int/>
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="0" high="1"></MSFT:SupportedValues>
<MSFT:ADMXMapped>DataCollection.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>AllowDeviceNameInDiagnosticData</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>DataCollection~AT~WindowsComponents~DataCollectionAndPreviewBuilds</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>AllowDeviceNameInDiagnosticData</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LowestValueMostSecure</MSFT:ConflictResolution>
</DFProperties>
</Node>
<Node>
<NodeName>AllowEmbeddedMode</NodeName>
<DFProperties>
@ -72934,7 +73133,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
<MSFT:SupportedValues low="0" high="30"></MSFT:SupportedValues>
<MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>EngagedRestartTransitionSchedule</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
@ -72962,7 +73161,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<DFType>
<MIME>text/plain</MIME>
</DFType>
<MSFT:SupportedValues low="2" high="30"></MSFT:SupportedValues>
<MSFT:SupportedValues low="0" high="30"></MSFT:SupportedValues>
<MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
<MSFT:ADMXMappedElement>EngagedRestartTransitionScheduleForFeatureUpdates</MSFT:ADMXMappedElement>
<MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
@ -73677,7 +73876,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
</DFProperties>
</Node>
<Node>
<NodeName>UpdateNotificationKioskMode</NodeName>
<NodeName>UpdateNotificationLevel</NodeName>
<DFProperties>
<AccessType>
<Get />
@ -73699,7 +73898,7 @@ Caution: If a Restricted Groups policy is applied, any current member not on the
<MSFT:SupportedValues low="0" high="2"></MSFT:SupportedValues>
<MSFT:ADMXMapped>WindowsUpdate.admx</MSFT:ADMXMapped>
<MSFT:ADMXCategory>WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat</MSFT:ADMXCategory>
<MSFT:ADMXPolicyName>UpdateNotificationKioskMode</MSFT:ADMXPolicyName>
<MSFT:ADMXPolicyName>UpdateNotificationLevel</MSFT:ADMXPolicyName>
<MSFT:ConflictResolution>LastWrite</MSFT:ConflictResolution>
</DFProperties>
</Node>

2
windows/client-management/mdm/reboot-csp.md
View File

@ -41,7 +41,7 @@ The following diagram shows the Reboot configuration service provider management
<p style="margin-left: 20px">The supported operations are Get, Add, Replace, and Delete.</p>
<a href="" id="schedule-dailyrecurrent"></a>**Schedule/DailyRecurrent**
<p style="margin-left: 20px">This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. For example: 2015-12-15T07:36:25Z</p>
<p style="margin-left: 20px">This node will execute a reboot each day at a scheduled time starting at the configured starting time and date. Setting a null (empty) date will delete the existing schedule. The date and time value is ISO8601, and both the date and time are required. The CSP will return the date time in the following format: 2018-06-29T10:00:00+01:00. </p>
<p style="margin-left: 20px">The supported operations are Get, Add, Replace, and Delete.</p>

8
windows/configuration/change-history-for-configure-windows-10.md
View File

@ -10,13 +10,19 @@ ms.localizationpriority: medium
author: jdeckerms
ms.author: jdecker
ms.topic: article
ms.date: 07/30/2018
ms.date: 08/03/2018
---
# Change history for Configure Windows 10
This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile.
## August 2018
New or changed topic | Description
--- | ---
[Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | Added instructions for specifying multiple URLs in configuration settings for Kiosk Browser.
## July 2018
New or changed topic | Description

17
windows/configuration/guidelines-for-assigned-access-app.md
View File

@ -9,7 +9,7 @@ author: jdeckerms
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
ms.date: 07/30/2018
ms.date: 08/03/2018
---
# Guidelines for choosing an app for assigned access (kiosk mode)
@ -59,14 +59,25 @@ In Windows 10, version 1803, you can install the **Kiosk Browser** app from Micr
Kiosk Browser settings | Use this setting to
--- | ---
Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards. Separate multiple URLs using `&#xF000;`.<br><br>For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs.
Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards. Separate multiple URLs using `&#xF000;`.<br><br>If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards. <br><br>For example, if you want people to be limited to `contoso.com` only, you would add `contoso.com` to blocked URL exception list and then block all other URLs.
Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards. <br><br>If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL.
Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL.
Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL.
Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser.
Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction.
>[!IMPORTANT]
>To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
>
> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
>2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
>3. Insert the null character string in between each URL (e.g www.bing.com&#xF000;www.contoso.com).
>4. Save the XML file.
>5. Open the project again in Windows Configuration Designer.
>6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
>[!TIP]
>To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](https://docs.microsoft.com/intune/custom-settings-windows-10) with the following information:
>- OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton

2
windows/configuration/kiosk-additional-reference.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

2
windows/configuration/kiosk-mdm-bridge.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

2
windows/configuration/kiosk-policies.md
View File

@ -8,7 +8,7 @@ ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: edu, security
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
ms.author: jdecker
---

2
windows/configuration/kiosk-prepare.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

2
windows/configuration/kiosk-shelllauncher.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

2
windows/configuration/kiosk-single-app.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

2
windows/configuration/kiosk-validate.md
View File

@ -7,7 +7,7 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/30/2018
---

8
windows/configuration/setup-digital-signage.md
View File

@ -7,8 +7,8 @@ ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
author: jdeckerms
ms.localizationpriority: high
ms.date: 07/30/2018
ms.localizationpriority: medium
ms.date: 08/03/2018
---
# Set up digital signs on Windows 10
@ -61,6 +61,10 @@ This procedure explains how to configure digital signage using Kiosk Browser on
- In **BlockedUrl**, enter `*`.
- In **DefaultUrl**, enter `https://www.contoso.com/menu`.
- Set **EnableEndSessionButton**, **EnableHomeButton**, and **EnableNavigationButtons** to **No**.
>[!TIP]
>For more information on kiosk browser settings, see [Guidelines for web browsers](guidelines-for-assigned-access-app.md#guidelines-for-web-browsers).
13. On the **File** menu, select **Save**, and select **OK** in the **Keep your info secure** dialog box.
14. On the **Export** menu, select **Provisioning package**.
15. Change the **Owner** to **IT Admin**, and select **Next**.

14
windows/configuration/wcd/wcd-policies.md
View File

@ -8,7 +8,7 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
ms.date: 04/30/2018
ms.date: 08/03/2018
---
# Policies (Windows Configuration Designer reference)
@ -290,13 +290,21 @@ These settings apply to the **Kiosk Browser** app available in Microsoft Store.
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
[BlockedUrlExceptions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). Separate multiple URLs using `&#xF000;`. This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | X | | | | |
[BlockedUrls](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). Separate multiple URLs using `&#xF000;`. This is used to configure blocked URLs kiosk browsers cannot navigate to. | X | | | | |
[BlockedUrlExceptions](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | X | | | | |
[BlockedUrls](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | X | | | | |
[DefaultURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | X | | | | |
[EnableHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | X | | | | |
[EnableNavigationButtons](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | X | | | | |
[RestartOnIdleTime](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | X | | | | |
To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18).
3. Insert the null character string in between each URL (e.g www.bing.com&#xF000;www.contoso.com).
4. Save the XML file.
5. Open the project again in Windows Configuration Designer.
6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
## Location

2
windows/deployment/update/windows-analytics-FAQ-troubleshooting.md
View File

@ -9,7 +9,7 @@ ms.pagetype: deploy
author: jaimeo
ms.author: jaimeo
ms.date: 07/20/2018
ms.localizationpriority: high
ms.localizationpriority: medium
---
# Frequently asked questions and troubleshooting Windows Analytics

2
windows/deployment/upgrade/setupdiag.md
View File

@ -8,7 +8,7 @@ ms.sitesec: library
ms.pagetype: deploy
author: greg-lindsay
ms.date: 07/18/2018
ms.localizationpriority: high
ms.localizationpriority: medium
---
# SetupDiag

2
windows/deployment/windows-autopilot/add-devices.md
View File

@ -4,7 +4,7 @@ description: How to add devices to Windows Autopilot
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

2
windows/deployment/windows-autopilot/configure-autopilot.md
View File

@ -4,7 +4,7 @@ description: How to configure Windows Autopilot deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

2
windows/deployment/windows-autopilot/enrollment-status.md
View File

@ -7,7 +7,7 @@ ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: high
ms.localizationpriority: medium
author: coreyp-at-msft
ms.author: coreyp
ms.date: 06/01/2018

2
windows/deployment/windows-autopilot/profiles.md
View File

@ -4,7 +4,7 @@ description: How to configure Windows Autopilot deployment
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

2
windows/deployment/windows-autopilot/rip-and-replace.md
View File

@ -4,7 +4,7 @@ description: Listing of Autopilot scenarios
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

2
windows/deployment/windows-autopilot/self-deploying.md
View File

@ -7,7 +7,7 @@ ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: high
ms.localizationpriority: medium
author: coreyp-at-msft
ms.author: coreyp
ms.date: 06/01/2018

2
windows/deployment/windows-autopilot/troubleshooting.md
View File

@ -4,7 +4,7 @@ description: This topic goes over Windows Autopilot and how it helps setup OOBE
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

2
windows/deployment/windows-autopilot/user-driven-aad.md
View File

@ -4,7 +4,7 @@ description: Listing of Autopilot scenarios
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

2
windows/deployment/windows-autopilot/user-driven-hybrid.md
View File

@ -4,7 +4,7 @@ description: Listing of Autopilot scenarios
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: low
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

2
windows/deployment/windows-autopilot/user-driven.md
View File

@ -4,7 +4,7 @@ description: Canonical Autopilot scenario
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

2
windows/deployment/windows-autopilot/windows-autopilot-requirements-configuration.md
View File

@ -4,7 +4,7 @@ description: This topic goes over Windows Autopilot and how it helps setup OOBE
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

2
windows/deployment/windows-autopilot/windows-autopilot-reset-local.md
View File

@ -7,7 +7,7 @@ ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: high
ms.localizationpriority: medium
author: coreyp-at-msft
ms.author: coreyp
ms.date: 06/01/2018

2
windows/deployment/windows-autopilot/windows-autopilot-reset-remote.md
View File

@ -7,7 +7,7 @@ ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: high
ms.localizationpriority: medium
author: coreyp-at-msft
ms.author: coreyp
ms.date: 06/01/2018

2
windows/deployment/windows-autopilot/windows-autopilot-reset.md
View File

@ -7,7 +7,7 @@ ms.technology: Windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype:
ms.localizationpriority: high
ms.localizationpriority: medium
author: coreyp-at-msft
ms.author: coreyp
ms.date: 06/01/2018

2
windows/deployment/windows-autopilot/windows-autopilot-scenarios.md
View File

@ -4,7 +4,7 @@ description: Listing of Autopilot scenarios
keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune
ms.prod: w10
ms.mktglfcycl: deploy
ms.localizationpriority: high
ms.localizationpriority: medium
ms.sitesec: library
ms.pagetype: deploy
author: coreyp-at-msft

4
windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
View File

@ -67,7 +67,7 @@ The Windows Hello for Business Group Policy object delivers the correct Group Po
#### Enable Windows Hello for Business
The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should be attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled.
The Enable Windows Hello for Business Group Policy setting is the configuration needed for Windows to determine if a user should attempt to enroll for Windows Hello for Business. A user will only attempt enrollment if this policy setting is configured to enabled.
You can configure the Enable Windows Hello for Business Group Policy setting for computer or users. Deploying this policy setting to computers results in ALL users that sign-in that computer to attempt a Windows Hello for Business enrollment. Deploying this policy setting to a user results in only that user attempting a Windows Hello for Business enrollment. Additionally, you can deploy the policy setting to a group of users so only those users attempt a Windows Hello for Business enrollment. If both user and computer policy settings are deployed, the user policy setting has precedence.
@ -163,7 +163,7 @@ Users must receive the Windows Hello for Business group policy settings and have
## Follow the Windows Hello for Business hybrid key trust deployment guide
1. [Overview](hello-hybrid-cert-trust.md)
2. [Prerequistes](hello-hybrid-key-trust-prereqs.md)
2. [Prerequisites](hello-hybrid-key-trust-prereqs.md)
3. [New Installation Baseline](hello-hybrid-key-new-install.md)
4. [Configure Directory Synchronization](hello-hybrid-key-trust-dirsync.md)
5. [Configure Azure Device Registration](hello-hybrid-key-trust-devreg.md)

2
windows/security/threat-protection/security-policy-settings/network-security-allow-local-system-to-use-computer-identity-for-ntlm.md
View File

@ -26,7 +26,7 @@ When a service connects with the device identity, signing and encryption are sup
### Possible values
| Setting | Windows Server 2008 and Windows Vista | At least Windows Server 2008 R2 and Windows 7 |
| - | - |
| - | - | - |
| Enabled | Services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error.| Services running as Local System that use Negotiate will use the computer identity. This is the default behavior. |
| Disabled| Services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously. This is the default behavior.| Services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously.|
|Neither|Services running as Local System that use Negotiate when reverting to NTLM authentication will authenticate anonymously. | Services running as Local System that use Negotiate will use the computer identity. This might cause some authentication requests between Windows operating systems to fail and log an error.|

2
windows/security/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/16/2018
---

2
windows/security/threat-protection/windows-defender-atp/find-machine-info-by-ip-windows-defender-advanced-threat-protection.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/25/2018
---

2
windows/security/threat-protection/windows-defender-atp/minimum-requirements-windows-defender-advanced-threat-protection.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/01/2018
---

2
windows/security/threat-protection/windows-defender-atp/onboard-configure-windows-defender-advanced-threat-protection.md
View File

@ -9,7 +9,7 @@ ms.sitesec: library
ms.pagetype: security
ms.author: macapara
author: mjcaparas
ms.localizationpriority: high
ms.localizationpriority: medium
ms.date: 07/01/2018
---