From b1f64b9026fb742b6cd857febad3907c5e9ae3c5 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 16 Aug 2022 15:48:18 -0700 Subject: [PATCH 01/28] remove unused docsets --- bcs/docfx.json | 56 ------------------- devices/hololens/docfx.json | 75 -------------------------- devices/surface-hub/docfx.json | 63 ---------------------- devices/surface/docfx.json | 59 -------------------- gdpr/docfx.json | 55 ------------------- mdop/docfx.json | 63 ---------------------- windows/access-protection/docfx.json | 61 --------------------- windows/configure/docfx.json | 57 -------------------- windows/deploy/docfx.json | 56 ------------------- windows/device-security/docfx.json | 61 --------------------- windows/eulas/docfx.json | 57 -------------------- windows/keep-secure/docfx.json | 57 -------------------- windows/known-issues/docfx.json | 58 -------------------- windows/manage/TOC.yml | 2 - windows/manage/docfx.json | 56 ------------------- windows/manage/test.md | 19 ------- windows/plan/docfx.json | 56 ------------------- windows/release-information/docfx.json | 61 --------------------- windows/threat-protection/docfx.json | 62 --------------------- windows/update/docfx.json | 56 ------------------- 20 files changed, 1090 deletions(-) delete mode 100644 bcs/docfx.json delete mode 100644 devices/hololens/docfx.json delete mode 100644 devices/surface-hub/docfx.json delete mode 100644 devices/surface/docfx.json delete mode 100644 gdpr/docfx.json delete mode 100644 mdop/docfx.json delete mode 100644 windows/access-protection/docfx.json delete mode 100644 windows/configure/docfx.json delete mode 100644 windows/deploy/docfx.json delete mode 100644 windows/device-security/docfx.json delete mode 100644 windows/eulas/docfx.json delete mode 100644 windows/keep-secure/docfx.json delete mode 100644 windows/known-issues/docfx.json delete mode 100644 windows/manage/TOC.yml delete mode 100644 windows/manage/docfx.json delete mode 100644 windows/manage/test.md delete mode 100644 windows/plan/docfx.json delete mode 100644 windows/release-information/docfx.json delete mode 100644 windows/threat-protection/docfx.json delete mode 100644 windows/update/docfx.json diff --git a/bcs/docfx.json b/bcs/docfx.json deleted file mode 100644 index f1384ac71a..0000000000 --- a/bcs/docfx.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/microsoft-365/business/breadcrumb/toc.json", - "extendBreadcrumb": true, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "bcs-vsts", - "markdownEngineName": "dfm" - } -} \ No newline at end of file diff --git a/devices/hololens/docfx.json b/devices/hololens/docfx.json deleted file mode 100644 index 017aa6750e..0000000000 --- a/devices/hololens/docfx.json +++ /dev/null @@ -1,75 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/**.yml" - ], - "exclude": [ - "**/obj/**", - "devices/hololens/**", - "**/includes/**" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg", - "**/*.gif" - ], - "exclude": [ - "**/obj/**", - "devices/hololens/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/hololens/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "audience": "ITPro", - "manager": "dansimp", - "ms.date": "04/05/2017", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "Win.itpro-hololens", - "folder_relative_path_in_docset": "./" - } - - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "devices/hololens", - "markdownEngineName": "markdig" - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "Kellylorenebaker", - "jborsecnik", - "tiburd", - "garycentric" - ] -} diff --git a/devices/surface-hub/docfx.json b/devices/surface-hub/docfx.json deleted file mode 100644 index a9772d7b8c..0000000000 --- a/devices/surface-hub/docfx.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/**.md", - "**/**.yml" - ], - "exclude": [ - "**/obj/**" - ] - } - ], - "resource": [ - { - "files": [ - "**/images/**", - "**/*.pptx", - "**/*.pdf" - ], - "exclude": [ - "**/obj/**" - ] - } - ], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/surface-hub/breadcrumb/toc.json", - "ROBOTS": "INDEX, FOLLOW", - "ms.technology": "windows", - "audience": "ITPro", - "ms.topic": "article", - "manager": "dansimp", - "ms.mktglfcycl": "manage", - "ms.sitesec": "library", - "ms.date": "05/23/2017", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "Win.surface-hub", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "Kellylorenebaker", - "jborsecnik", - "tiburd", - "garycentric" - ], - "titleSuffix": "Surface Hub" - }, - "externalReference": [], - "template": "op.html", - "dest": "devices/surface-hub", - "markdownEngineName": "markdig" - } -} diff --git a/devices/surface/docfx.json b/devices/surface/docfx.json deleted file mode 100644 index f11706aa9d..0000000000 --- a/devices/surface/docfx.json +++ /dev/null @@ -1,59 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/**.md", - "**/**.yml" - ], - "exclude": [ - "**/obj/**" - ] - } - ], - "resource": [ - { - "files": [ - "**/images/**" - ], - "exclude": [ - "**/obj/**" - ] - } - ], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/surface/breadcrumb/toc.json", - "ROBOTS": "INDEX, FOLLOW", - "ms.technology": "windows", - "audience": "ITPro", - "ms.topic": "article", - "manager": "dansimp", - "ms.date": "05/09/2017", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "Win.surface", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "Kellylorenebaker", - "jborsecnik", - "tiburd", - "garycentric" - ], - "titleSuffix": "Surface" - }, - "externalReference": [], - "template": "op.html", - "dest": "devices/surface", - "markdownEngineName": "markdig" -} -} diff --git a/gdpr/docfx.json b/gdpr/docfx.json deleted file mode 100644 index d786f46f58..0000000000 --- a/gdpr/docfx.json +++ /dev/null @@ -1,55 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "author": "eross-msft", - "ms.author": "lizross", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332", - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "gdpr", - "markdownEngineName": "dfm" - } -} \ No newline at end of file diff --git a/mdop/docfx.json b/mdop/docfx.json deleted file mode 100644 index 6ff865c683..0000000000 --- a/mdop/docfx.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/**.md", - "**/**.yml" - ], - "exclude": [ - "**/obj/**" - ] - } - ], - "resource": [ - { - "files": [ - "**/images/**" - ], - "exclude": [ - "**/obj/**" - ] - } - ], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/microsoft-desktop-optimization-pack/breadcrumb/toc.json", - "ROBOTS": "INDEX, FOLLOW", - "ms.technology": "windows", - "audience": "ITPro", - "manager": "dansimp", - "ms.prod": "w10", - "ms.author": "dansimp", - "author": "dansimp", - "ms.sitesec": "library", - "ms.topic": "article", - "ms.date": "04/05/2017", - "feedback_system": "GitHub", - "feedback_github_repo": "https://github.com/MicrosoftDocs/mdop-docs", - "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "Win.mdop", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "Kellylorenebaker", - "jborsecnik", - "tiburd", - "garycentric" - ], - "titleSuffix": "Microsoft Desktop Optimization Pack" - }, - "externalReference": [], - "template": "op.html", - "dest": "mdop", - "markdownEngineName": "markdig" - } -} diff --git a/windows/access-protection/docfx.json b/windows/access-protection/docfx.json deleted file mode 100644 index 35b82f4d89..0000000000 --- a/windows/access-protection/docfx.json +++ /dev/null @@ -1,61 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg", - "**/*.gif" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "audience": "ITPro", - "ms.topic": "article", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.win-access-protection", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "win-access-protection", - "markdownEngineName": "markdig" - } -} diff --git a/windows/configure/docfx.json b/windows/configure/docfx.json deleted file mode 100644 index 3ecf9e6104..0000000000 --- a/windows/configure/docfx.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "feedback_system": "None", - "hideEdit": true, - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.windows-configure" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "windows-configure", - "markdownEngineName": "markdig" - } -} diff --git a/windows/deploy/docfx.json b/windows/deploy/docfx.json deleted file mode 100644 index 24a5e3b0ff..0000000000 --- a/windows/deploy/docfx.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.windows-deploy", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "windows-deploy", - "markdownEngineName": "markdig" - } -} diff --git a/windows/device-security/docfx.json b/windows/device-security/docfx.json deleted file mode 100644 index ce2b043c43..0000000000 --- a/windows/device-security/docfx.json +++ /dev/null @@ -1,61 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg", - "**/*.gif" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "ms.date": "04/05/2017", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.win-device-security", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "win-device-security", - "markdownEngineName": "markdig" - } -} diff --git a/windows/eulas/docfx.json b/windows/eulas/docfx.json deleted file mode 100644 index 2834682ce7..0000000000 --- a/windows/eulas/docfx.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/windows/eulas/breadcrumb/toc.json", - "extendBreadcrumb": true, - "feedback_system": "None", - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "eula-vsts", - "markdownEngineName": "markdig" - } -} \ No newline at end of file diff --git a/windows/keep-secure/docfx.json b/windows/keep-secure/docfx.json deleted file mode 100644 index aa250a2f5c..0000000000 --- a/windows/keep-secure/docfx.json +++ /dev/null @@ -1,57 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "feedback_system": "None", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.keep-secure", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "keep-secure", - "markdownEngineName": "markdig" - } -} diff --git a/windows/known-issues/docfx.json b/windows/known-issues/docfx.json deleted file mode 100644 index 2119242b44..0000000000 --- a/windows/known-issues/docfx.json +++ /dev/null @@ -1,58 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "feedback_system": "GitHub", - "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", - "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332", - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "known-issues", - "markdownEngineName": "markdig" - } -} \ No newline at end of file diff --git a/windows/manage/TOC.yml b/windows/manage/TOC.yml deleted file mode 100644 index 892ce64421..0000000000 --- a/windows/manage/TOC.yml +++ /dev/null @@ -1,2 +0,0 @@ -- name: Test - href: test.md diff --git a/windows/manage/docfx.json b/windows/manage/docfx.json deleted file mode 100644 index c5275101bf..0000000000 --- a/windows/manage/docfx.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.windows-manage", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "windows-manage", - "markdownEngineName": "markdig" - } -} diff --git a/windows/manage/test.md b/windows/manage/test.md deleted file mode 100644 index 36d16a3f6b..0000000000 --- a/windows/manage/test.md +++ /dev/null @@ -1,19 +0,0 @@ ---- -title: Test -description: Test -ms.prod: w11 -ms.mktglfcycl: deploy -ms.sitesec: library -author: dstrome -ms.author: dstrome -ms.reviewer: -manager: dstrome -ms.topic: article ---- - -# Test - -## Deployment planning - -This article provides guidance to help you plan for Windows 11 in your organization. - diff --git a/windows/plan/docfx.json b/windows/plan/docfx.json deleted file mode 100644 index 9a47bdcced..0000000000 --- a/windows/plan/docfx.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.windows-plan", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "windows-plan", - "markdownEngineName": "markdig" - } -} diff --git a/windows/release-information/docfx.json b/windows/release-information/docfx.json deleted file mode 100644 index c5cbdfb50a..0000000000 --- a/windows/release-information/docfx.json +++ /dev/null @@ -1,61 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "_themes/**", - "_themes.pdf/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/windows/release-information/breadcrumb/toc.json", - "ms.prod": "w10", - "ms.date": "4/30/2019", - "audience": "ITPro", - "titleSuffix": "Windows Release Information", - "extendBreadcrumb": true, - "feedback_system": "None", - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "release-information", - "markdownEngineName": "markdig" - } -} diff --git a/windows/threat-protection/docfx.json b/windows/threat-protection/docfx.json deleted file mode 100644 index 5f30884997..0000000000 --- a/windows/threat-protection/docfx.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg", - "**/*.gif" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json", - "ms.technology": "windows", - "ms.topic": "article", - "audience": "ITPro", - "ms.date": "04/05/2017", - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.win-threat-protection", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "win-threat-protection", - "markdownEngineName": "markdig" - } -} diff --git a/windows/update/docfx.json b/windows/update/docfx.json deleted file mode 100644 index d577905730..0000000000 --- a/windows/update/docfx.json +++ /dev/null @@ -1,56 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "**/includes/**", - "README.md", - "LICENSE", - "LICENSE-CODE", - "ThirdPartyNotices" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "MSDN.windows-update", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "jborsecnik", - "tiburd", - "garycentric" - ] - }, - "fileMetadata": {}, - "template": [], - "dest": "windows-update", - "markdownEngineName": "markdig" - } -} From 376d38c23b6e0375a53aeb0668191c4f4054b9b4 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 16 Aug 2022 15:55:37 -0700 Subject: [PATCH 02/28] configure feedback --- windows/application-management/docfx.json | 12 ++++++++---- windows/configuration/docfx.json | 13 +++++++++---- windows/deployment/update/check-release-health.md | 1 - 3 files changed, 17 insertions(+), 9 deletions(-) diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json index 88a99ecd24..927edfe00e 100644 --- a/windows/application-management/docfx.json +++ b/windows/application-management/docfx.json @@ -36,10 +36,10 @@ "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-M365-IT", "ms.technology": "windows", - "audience": "ITPro", "ms.topic": "article", - "ms.author": "elizapo", - "feedback_system": "None", + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332", "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.win-app-management", @@ -58,7 +58,11 @@ ], "searchScope": ["Windows 10"] }, - "fileMetadata": {}, + "fileMetadata": { + "feedback_system": { + "app-v/**/*.*": "None" + } + }, "template": [], "dest": "win-app-management", "markdownEngineName": "markdig" diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index 18a8bd0b88..b11d07e93f 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -36,10 +36,10 @@ "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-M365-IT", "ms.technology": "windows", - "audience": "ITPro", "ms.topic": "article", - "feedback_system": "None", - "hideEdit": false, + "feedback_system": "GitHub", + "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", + "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332", "_op_documentIdPathDepotMapping": { "./": { "depot_name": "MSDN.win-configuration", @@ -58,7 +58,12 @@ ], "searchScope": ["Windows 10"] }, - "fileMetadata": {}, + "fileMetadata": { + "feedback_system": { + "ue-v/**/*.*": "None", + "cortana-at-work/**/*.*": "None" + } + }, "template": [], "dest": "win-configuration", "markdownEngineName": "markdig" diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md index 8b93291b64..c6b984340b 100644 --- a/windows/deployment/update/check-release-health.md +++ b/windows/deployment/update/check-release-health.md @@ -22,7 +22,6 @@ search.appverid: - BCS160 - IWA160 description: "Check the release health status of Microsoft 365 services before you call support to see if there is an active service interruption." -feedback_system: none --- # How to check Windows release health From 9cdea2c92d06567c33ab4eddb7365d5e5c940e1c Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 16 Aug 2022 16:27:59 -0700 Subject: [PATCH 03/28] Acrolinx --- .../deployment/update/check-release-health.md | 75 ++++++++++--------- 1 file changed, 38 insertions(+), 37 deletions(-) diff --git a/windows/deployment/update/check-release-health.md b/windows/deployment/update/check-release-health.md index c6b984340b..cbcb7c8acb 100644 --- a/windows/deployment/update/check-release-health.md +++ b/windows/deployment/update/check-release-health.md @@ -1,11 +1,14 @@ --- -title: "How to check Windows release health" +title: How to check Windows release health +description: Check the release health status of Microsoft 365 services before you call support to see if there's an active service interruption. +ms.date: 08/16/2022 ms.author: v-nishmi author: DocsPreview manager: jren -ms.topic: article +ms.reviewer: mstewart +ms.topic: how-to ms.prod: w10 -localization_priority: Normal +localization_priority: medium ms.custom: - Adm_O365 - 'O365P_ServiceHealthModern' @@ -21,36 +24,35 @@ search.appverid: - MOE150 - BCS160 - IWA160 -description: "Check the release health status of Microsoft 365 services before you call support to see if there is an active service interruption." --- # How to check Windows release health -The Windows release health page in the Microsoft 365 admin center enables you to view the latest information on known issues for Windows monthly and feature updates. A known issue is an issue that has been identified in a Windows monthly update or feature update that impacts Windows devices. The Windows release health page is designed to inform you about known issues so you can troubleshoot issues your users may be experiencing and/or to determine when, and at what scale, to deploy an update in your organization. +The Windows release health page in the Microsoft 365 admin center enables you to view the latest information on known issues for Windows monthly and feature updates. A known issue is an issue that has been identified in a Windows monthly update or feature update that impacts Windows devices. The Windows release health page is designed to inform you about known issues. You can use this information to troubleshoot issues your users may be experiencing. You can also determine when, and at what scale, to deploy an update in your organization. -If you are unable to sign in to the Microsoft 365 admin portal, check the [Microsoft 365 service health](https://status.office365.com) status page to check for known issues preventing you from logging into your tenant. +If you're unable to sign in to the Microsoft 365 admin portal, check the [Microsoft 365 service health](https://status.office365.com) status page to check for known issues preventing you from signing into your tenant. -To be informed about the latest updates and releases, follow us on Twitter [@WindowsUpdate](https://twitter.com/windowsupdate). +To be informed about the latest updates and releases, follow [@WindowsUpdate](https://twitter.com/windowsupdate) on Twitter. ## How to review Windows release health information -1. Go to the Microsoft 365 admin center at [https://admin.microsoft.com](https://go.microsoft.com/fwlink/p/?linkid=2024339), and sign in with an administrator account. +1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com), and sign in with an administrator account. > [!NOTE] - > By default, the Windows release health page is available to individuals who have been assigned the global admin or service administrator role for their tenant. To allow Exchange, SharePoint, and Skype for Business admins to view the Windows release health page, you must first assign them to a Service admin role. For more information about roles that can view service health, see [About admin roles](/microsoft-365/admin/add-users/about-admin-roles?view=o365-worldwide&preserve-view=true#roles-available-in-the-microsoft-365-admin-center). + > By default, the Windows release health page is available to individuals who have been assigned the global admin or service administrator role for their tenant. To allow Exchange, SharePoint, and Skype for Business admins to view the Windows release health page, you must first assign them to a Service admin role. For more information about roles that can view service health, see [About admin roles](/microsoft-365/admin/add-users/about-admin-roles#commonly-used-microsoft-365-admin-center-roles). 2. To view Windows release health in the Microsoft 365 Admin Center, go to **Health > Windows release health**. -3. On the **Windows release health** page, you will have access to known issue information for all supported versions of the Windows operating system. +3. On the **Windows release health** page, you'll have access to known issue information for all supported versions of the Windows operating system. The **All versions** tab (the default view) shows all Windows products with access to their posted known issues. ![View of current issues in release health.](images/WRH-menu.png) - A known issue is an issue that has been identified in a Windows monthly update or feature update that impacts Windows devices. The **Active and recently resolved** column provides a link to the **Known issues** tab filtered to the version selected. Selecting the **Known issues** tab will show known issues that are active or resolved within the last 30 days. - + A known issue is an issue that has been identified in a Windows monthly update or feature update that impacts Windows devices. The **Active and recently resolved** column provides a link to the **Known issues** tab filtered to the version selected. Selecting the **Known issues** tab will show known issues that are active or resolved within the last 30 days. + ![View of known issues in release health.](images/WRH-known-issues-20H2.png) - + The **History** tab shows the history of known issues that have been resolved for up to 6 months. ![View of history issues in release health.](images/WRH-history-20H2.png) @@ -63,24 +65,23 @@ To be informed about the latest updates and releases, follow us on Twitter [@Win - **Originating KB** - The KB number where the issue was first identified. - **Originating build** - The build number for the KB. - Select the **Issue title** to access more information, including a link to the history of all status updates posted while we work on a solution. Here is an example: + Select the **Issue title** to access more information, including a link to the history of all status updates posted while we work on a solution. For example: ![A screenshot showing issue details.](images/WRH-known-issue-detail.png) - + ## Status definitions In the **Windows release health** experience, every known issue is assigned as status. Those statuses are defined as follows: - | Status | Definition | |:-----|:-----| -|**Reported** | An issue has been brought to the attention of the Windows teams. At this stage, there is no confirmation that users are affected. | -|**Investigating** | The issue is believed to affect users and efforts are underway to gather more information about the issue’s scope of impact, mitigation steps, and root cause. | -|**Confirmed** | After close review, Microsoft teams have determined the issue is affecting Windows users, and progress is being made on mitigation steps and root cause. | +|**Reported** | An issue has been brought to the attention of the Windows teams. At this stage, there's no confirmation that users are affected. | +|**Investigating** | The issue is believed to affect users and efforts are underway to gather more information about the issue's scope, mitigation steps, and root cause. | +|**Confirmed** | After close review, Microsoft has determined the issue is affecting Windows users, and progress is being made on mitigation steps and root cause. | |**Mitigated** | A workaround is available and communicated to Windows customers for a known issue. A known issue will stay in this state until a KB article is released by Microsoft to resolve the known issue. | |**Mitigated: External** | A workaround is available and communicated to Windows customers for a known issue that was caused by a software or driver from a third-party software or device manufacturer. A known issue will stay in this state until the issue is resolved by Microsoft or the third-party. | -|**Resolved** | A solution has been released by Microsoft and has been documented in a KB article that will resolve the known issue once it’s deployed in the customer’s environment. | -|**Resolved: External** | A solution has been released by a Microsoft or a third-party that will resolve the known issue once it’s deployed in the customer’s environment. | +|**Resolved** | A solution has been released by Microsoft and has been documented in a KB article that will resolve the known issue once it's deployed in the customer's environment. | +|**Resolved: External** | A solution has been released by a Microsoft or a third-party that will resolve the known issue once it's deployed in the customer's environment. | ## Known issue history @@ -96,29 +97,29 @@ A list of all status updates posted in the selected timeframe will be displayed, ### Windows release health coverage -- **What is Windows release health?** +- **What is Windows release health?** Windows release health is a Microsoft informational service created to keep licensed Windows customers aware of identified known issues and important announcements. - **Microsoft 365 service health content is specific to my tenants and services. Is the content in Windows release health specific to my Windows environment?** - Windows release health does not monitor user environments or collect customer environment information. In Windows release health, all known issue content across all supported Windows versions is published to all subscribed customers. Future iterations of the solution may target content based on customer location, industry, or Windows version. + Windows release health doesn't monitor user environments or collect customer environment information. In Windows release health, all known issue content across all supported Windows versions is published to all subscribed customers. Future iterations of the solution may target content based on customer location, industry, or Windows version. - **Where do I find Windows release health?** - After logging into Microsoft 365 admin center, expand the left-hand menu using **…Show All**, click **Health** and you’ll see **Windows release health**. + After logging into Microsoft 365 admin center, expand the left-hand menu using **…Show All**, select **Health** and you'll see **Windows release health**. - **Is the Windows release health content published to Microsoft 365 admin center the same as the content on Windows release health on Docs.microsoft.com?** - No. While the content is similar, you may see more issues and more technical details published to Windows release health on Microsoft 365 admin center to better support the IT admin. For example, you’ll find details to help you diagnose issues in your environment, steps to mitigate issues, and root cause analysis. + No. While the content is similar, you may see more issues and technical details published to Windows release health on Microsoft 365 admin center to better support the IT admin. For example, you'll find details to help you diagnose issues in your environment, steps to mitigate issues, and root cause analysis. - **How often will content be updated?** - In an effort to ensure Windows customers have important information as soon as possible, all major known issues will be shared with Windows customers on both Docs.microsoft.com and the Microsoft 365 admin center. We may also update the details available for Windows release health in the Microsoft 365 admin center when we have additional details on workarounds, root cause, or other information to help you plan for updates and handle issues in your environment. + To ensure Windows customers have important information as soon as possible, all major known issues will be shared with Windows customers on both Docs.microsoft.com and the Microsoft 365 admin center. We may also update the details available for Windows release health in the Microsoft 365 admin center when we have more details on workarounds, root cause, or other information to help you plan for updates and handle issues in your environment. - **Can I share this content publicly or with other Windows customers?** - Windows release health is provided to you as a licensed Windows customer and is not to be shared publicly. + Windows release health is provided to you as a licensed Windows customer and isn't to be shared publicly. - **Is the content redundant? How is the content organized in the different tabs?** - Windows release health provides three tabs. The landing **All versions** tab allows you to click into a specific version of Windows. The Known issues tab shows the list of issues that are active or resolved in the past 30 days. The History tab shows a six-month history of known issues that have been resolved. + Windows release health provides three tabs. The landing **All versions** tab allows you to select a specific version of Windows. The **Known issues** tab shows the list of issues that are active or resolved in the past 30 days. The **History** tab shows a six-month history of known issues that have been resolved. -- **How do I find information for the versions of Windows I’m managing?** - On the **All versions** tab, you can select any Windows version. This will take you to the Known issues tab filtered for the version you selected. The known issues tab provides the list of active known issues and those resolved in the last 30 days. This selection persists throughout your session until changed. From the History tab you can view the list of resolved issues for that version. To change versions, use the filter in the tab. +- **How do I find information for the versions of Windows I'm managing?** + On the **All versions** tab, you can select any Windows version. This action takes you to the **Known issues** tab filtered for the version you selected. The **Known issues** tab provides the list of active known issues and the issues resolved in the last 30 days. This selection persists throughout your session until changed. From the **History** tab, you can view the list of resolved issues for that version. To change versions, use the filter in the tab. ### Microsoft 365 Admin Center functions @@ -126,13 +127,13 @@ A list of all status updates posted in the selected timeframe will be displayed, You can search Microsoft 365 admin center pages using keywords. For Windows release health, go to the desired product page and search using KB numbers, build numbers, or keywords. - **How do I add other Windows admins?** - Using the left-hand menu, go to Users, then select the Active Users tab and follow the prompts to add a new user, or assign an existing user, to the role of “Service Support admin.” + Using the left-hand menu, go to Users, then select the Active Users tab and follow the prompts to add a new user, or assign an existing user, to the role of **Service Support admin**. -- **Why can’t I click to the KB article from the Known issues or History tabs?** - Within the issue description, you’ll find links to the KB articles. In the Known issue and History tabs, the entire row is a clickable entry to the issue’s Details pane. +- **Why can't I click to the KB article from the Known issues or History tabs?** + Within the issue description, you'll find links to the KB articles. In the Known issue and History tabs, the entire row is a clickable entry to the issue's Details pane. -- **Microsoft 365 admin center has a mobile app but I don’t see Windows release health under the Health menu. Is this an open issue?** - We are working to build the Windows release health experience on mobile devices in a future release. +- **Microsoft 365 admin center has a mobile app but I don't see Windows release health under the Health menu. Is this an open issue?** + We're working to build the Windows release health experience on mobile devices in a future release. ### Help and support @@ -140,7 +141,7 @@ A list of all status updates posted in the selected timeframe will be displayed, Seek assistance through Premier support, the [Microsoft Support website](https://support.microsoft.com), or connect with your normal channels for Windows support. - **When reaching out to Support, they asked me for an advisory ID. What is this and where can it?** - The advisory ID can be found in the upper left-hand corner of the known issue Details pane. To find it, select the Known issue you’re seeking help on, click the Details pane and you’ll find the ID under the issue title. It will be the letters WI followed by a number, similar to “WI123456”. + The advisory ID can be found in the upper left-hand corner of the known issue Details pane. To find it, select the known issue you're seeking help on, select the **Details** pane, and you'll find the ID under the issue title. It will be the letters `WI` followed by a number, similar to `WI123456`. - **How can I learn more about expanding my use of Microsoft 365 admin center?** - To learn more, see the [Microsoft 365 admin center documentation](/microsoft-365/admin/admin-overview/about-the-admin-center). + For more information, see the [Microsoft 365 admin center documentation](/microsoft-365/admin/admin-overview/about-the-admin-center). From e6e9bb7564520ac838ece3e04c655182c1ccb364 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 16 Aug 2022 16:28:37 -0700 Subject: [PATCH 04/28] remove unused docset --- smb/docfx.json | 63 ----------------------------- smb/includes/smb-content-updates.md | 11 ----- 2 files changed, 74 deletions(-) delete mode 100644 smb/docfx.json delete mode 100644 smb/includes/smb-content-updates.md diff --git a/smb/docfx.json b/smb/docfx.json deleted file mode 100644 index 15de5f0bb4..0000000000 --- a/smb/docfx.json +++ /dev/null @@ -1,63 +0,0 @@ -{ - "build": { - "content": [ - { - "files": [ - "**/*.md", - "**/*.yml" - ], - "exclude": [ - "**/obj/**", - "smb/**", - "**/includes/**" - ] - } - ], - "resource": [ - { - "files": [ - "**/*.png", - "**/*.jpg" - ], - "exclude": [ - "**/obj/**", - "smb/**", - "**/includes/**" - ] - } - ], - "overwrite": [], - "externalReference": [], - "globalMetadata": { - "recommendations": true, - "breadcrumb_path": "/windows/smb/breadcrumb/toc.json", - "uhfHeaderId": "MSDocsHeader-M365-IT", - "feedback_system": "None", - "hideEdit": true, - "_op_documentIdPathDepotMapping": { - "./": { - "depot_name": "TechNet.smb", - "folder_relative_path_in_docset": "./" - } - }, - "contributors_to_exclude": [ - "rjagiewich", - "traya1", - "rmca14", - "claydetels19", - "Kellylorenebaker", - "jborsecnik", - "tiburd", - "AngelaMotherofDragons", - "dstrome", - "v-dihans", - "garycentric" - ], - "titleSuffix": "Windows for Small to Midsize Business" - }, - "fileMetadata": {}, - "template": [], - "dest": "smb", - "markdownEngineName": "markdig" - } -} diff --git a/smb/includes/smb-content-updates.md b/smb/includes/smb-content-updates.md deleted file mode 100644 index 4414b9e00b..0000000000 --- a/smb/includes/smb-content-updates.md +++ /dev/null @@ -1,11 +0,0 @@ - - - - -## Week of July 18, 2022 - - -| Published On |Topic title | Change | -|------|------------|--------| -| 7/22/2022 | Deploy and manage a full cloud IT solution for your business | removed | -| 7/22/2022 | Windows 10/11 for small to midsize businesses | removed | From 76520f0133e9a9480f8a163efde38ee09ec63fae Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 15 Sep 2022 10:43:05 -0400 Subject: [PATCH 05/28] 6444738_Kiosk_Mode --- windows/configuration/lock-down-windows-11-to-specific-apps.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/configuration/lock-down-windows-11-to-specific-apps.md diff --git a/windows/configuration/lock-down-windows-11-to-specific-apps.md b/windows/configuration/lock-down-windows-11-to-specific-apps.md new file mode 100644 index 0000000000..e69de29bb2 From e9f3cf414f6edb719e0c32142c59bb2572250f87 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 15 Sep 2022 11:32:08 -0400 Subject: [PATCH 06/28] update links --- .../supported-csp-start-menu-layout-windows.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index cc9735faab..11def3bd66 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md @@ -14,6 +14,7 @@ ms.localizationpriority: medium **Applies to**: - Windows 11 +- Windows 11, version 22H2 The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices. @@ -49,6 +50,10 @@ For information on customizing the Start menu layout using policy, see [Customiz The [Start/HideFrequentlyUsedApps](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) policy enforces hiding Most Used Apps on the Start menu. You can't use this policy to enforce always showing Most Used Apps on the Start menu. +**The following policies are supported starting with Windows 11, version 22H2:** + +- [Start/HideAppList](/windows/client-management/mdm/policy-csp-start#start-hideapplist) +- [Start/DisableContextMenus](/windows/client-management/mdm/policy-csp-start#start-disablecontextmenus) ## Existing CSP policies that Windows 11 doesn't support - [Start/StartLayout](/windows/client-management/mdm/policy-csp-start#start-startlayout) @@ -56,6 +61,9 @@ For information on customizing the Start menu layout using policy, see [Customiz - [Start/HideRecentlyAddedApps](/windows/client-management/mdm/policy-csp-start#start-hiderecentlyaddedapps) - Group policy: `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove "Recently added" list from Start Menu` + +> [!NOTE] +The following two policies are supported starting in Windows 11, version 22H2 - [Start/HideAppList](/windows/client-management/mdm/policy-csp-start#start-hideapplist) - Group policy: From 903d1046734d8500800fc2bd23e97d16dabdf5d9 Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 15 Sep 2022 16:15:53 -0400 Subject: [PATCH 07/28] delete lockdown11 --- windows/configuration/lock-down-windows-11-to-specific-apps.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 windows/configuration/lock-down-windows-11-to-specific-apps.md diff --git a/windows/configuration/lock-down-windows-11-to-specific-apps.md b/windows/configuration/lock-down-windows-11-to-specific-apps.md deleted file mode 100644 index e69de29bb2..0000000000 From fbc70ec2aedc14bbbb6305681ceca42f635f79ad Mon Sep 17 00:00:00 2001 From: Liz Long <104389055+lizgt2000@users.noreply.github.com> Date: Thu, 15 Sep 2022 17:00:15 -0400 Subject: [PATCH 08/28] fix note formatting --- .../configuration/supported-csp-start-menu-layout-windows.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index 11def3bd66..4f791b62a0 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md @@ -63,7 +63,7 @@ For information on customizing the Start menu layout using policy, see [Customiz - Group policy: `Computer Configuration\Administrative Templates\Start Menu and Taskbar\Remove "Recently added" list from Start Menu` > [!NOTE] -The following two policies are supported starting in Windows 11, version 22H2 +> The following two policies are supported starting in Windows 11, version 22H2 - [Start/HideAppList](/windows/client-management/mdm/policy-csp-start#start-hideapplist) - Group policy: From 7ae788e4fc2a5255996d91806f778f81e5f99cfc Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Fri, 16 Sep 2022 11:05:55 +0200 Subject: [PATCH 09/28] Update introduction-vamt.md Updated text regarding OS that VAMT can be installed on, so it's in line with information on volume-activation-management-tool.md. Added a hard line shift in text under KMS section, since that seems like the authors intention. --- windows/deployment/volume-activation/introduction-vamt.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index 403b5a2209..d07e6fadda 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -12,7 +12,7 @@ ms.topic: article # Introduction to VAMT -The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, or Windows Server 2012. +The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7 or above, Windows Server 2008 R2 or above. > [!NOTE] > VAMT can be installed on, and can manage, physical or virtual instances. VAMT cannot detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated. @@ -42,7 +42,7 @@ VAMT is commonly implemented in enterprise environments. The following screensho ![VAMT in the enterprise.](images/dep-win8-l-vamt-image001-enterprise.jpg) -In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have extra firewall protection. +In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have extra firewall protection.\ The Isolated Lab environment is a workgroup that is physically separate from the Core Network, and its computers do not have Internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the Isolated Lab. ## VAMT User Interface From 1812823a7e7106daed37fd4af8fbf41654db7cb2 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Fri, 16 Sep 2022 11:20:53 +0200 Subject: [PATCH 10/28] Update volume-activation-management-tool.md Changed to markdown for previous bold section Important. Updated the Important text with Windows 11. --- .../volume-activation/volume-activation-management-tool.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md index ec4715c198..56289c4bdf 100644 --- a/windows/deployment/volume-activation/volume-activation-management-tool.md +++ b/windows/deployment/volume-activation/volume-activation-management-tool.md @@ -18,9 +18,8 @@ VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the W - Windows® 7 or above - Windows Server 2008 R2 or above - -**Important**   -VAMT is designed to manage volume activation for: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 (or later), Microsoft Office 2010 (or above). +> [!IMPORTANT] +> VAMT is designed to manage volume activation for: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11, Windows Server 2008 (or later), Microsoft Office 2010 (or above). VAMT is only available in an EN-US (x86) package. From beeb6a5348c3ef58c1384054458262a7f2694723 Mon Sep 17 00:00:00 2001 From: Baard Hermansen Date: Fri, 16 Sep 2022 11:33:59 +0200 Subject: [PATCH 11/28] Update activate-using-active-directory-based-activation-client.md Updated Applies to with bullet points, so that each product appears by itself. --- ...ctive-directory-based-activation-client.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index bbc1b4b9d4..bbbd01c4eb 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -16,18 +16,18 @@ ms.collection: highpri **Applies to** -Windows 11 -Windows 10 -Windows 8.1 -Windows 8 -Windows Server 2012 R2 -Windows Server 2012 -Windows Server 2016 -Windows Server 2019 -Office 2021* -Office 2019* -Office 2016* -Office 2013* +- Windows 11 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows Server 2012 R2 +- Windows Server 2012 +- Windows Server 2016 +- Windows Server 2019 +- Office 2021* +- Office 2019* +- Office 2016* +- Office 2013* **Looking for retail activation?** From 05971fbce3c6feb2feb98e7999ede899cae7195a Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 16 Sep 2022 10:34:45 -0400 Subject: [PATCH 12/28] [22H2] What's new in MDM enrollment and management --- ...ew-in-windows-mdm-enrollment-management.md | 147 ++++++++++-------- 1 file changed, 78 insertions(+), 69 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index fdfb90c836..1419c8fb98 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -12,29 +12,95 @@ ms.prod: w10 ms.technology: windows author: vinaypamnani-msft ms.localizationpriority: medium -ms.date: 10/20/2020 +ms.date: 09/16/2022 --- # What's new in mobile device enrollment and management -This article provides information about what's new in Windows 10 and Windows 11 mobile device management (MDM) enrollment and management experience across all Windows 10 and Windows 11 devices. This article also provides details about the breaking changes and known issues and frequently asked questions. +This article provides information about what's new in Windows 10 and Windows 11 mobile device management (MDM) enrollment and management experience across all Windows 10 and Windows 11 devices. This article also provides details about the breaking changes and known issues and frequently asked questions. -For details about Microsoft mobile device management protocols for Windows 10 and Windows 11, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347). +For details about Microsoft mobile device management protocols for Windows 10 and Windows 11, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2]( https://go.microsoft.com/fwlink/p/?LinkId=619347). +## What's new in MDM for Windows 11, version 22H2 -## What’s new in MDM for Windows 11, version 21H2 +| New or updated article | Description | +|--|--| +| [AssignedAccess](/windows/client-management/mdm/assignedaccess-csp) | Added the following node:

  • | +| [DeviceStatus](/windows/client-management/mdm/devicestatus-csp) | Added the following node:
  • MDMClientCertAttestation | +| [eUUICs](/windows/client-management/mdm/euiccs-csp) | Added the following node:
  • IsDiscoveryServer | +| [PersonalDataEncryption](windows/client-management/mdm/personaldataencryption-csp) | New CSP | +| [Policy CSP](windows/client-management/mdm/policy-configuration-service-provider.md) | Added the following nodes:
  • Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
  • DesktopAppInstaller/EnableAdditionalSources
  • DesktopAppInstaller/EnableAllowedSources
  • DesktopAppInstaller/EnableAppInstaller
  • DesktopAppInstaller/EnableDefaultSource
  • DesktopAppInstaller/EnableExperimentalFeatures
  • DesktopAppInstaller/EnableHashOverride
  • DesktopAppInstaller/EnableLocalManifestFiles
  • DesktopAppInstaller/EnableMicrosoftStoreSource
  • DesktopAppInstaller/EnableMSAppInstallerProtocol
  • DesktopAppInstaller/EnableSettings
  • DesktopAppInstaller/SourceAutoUpdateInterval
  • Education/EnableEduThemes
  • Experience/AllowSpotlightCollectionOnDesktop
  • FileExplorer/DisableGraphRecentItems
  • HumanPresence/ForceInstantDim
  • InternetExplorer/EnableGlobalWindowListInIEMode
  • InternetExplorer/HideIEAppRetirementNotification
  • InternetExplorer/ResetZoomForDialogInIEMode
  • Kerberos/PKInitHashAlgorithmConfiguration
  • Kerberos/PKInitHashAlgorithmSHA1
  • Kerberos/PKInitHashAlgorithmSHA256
  • Kerberos/PKInitHashAlgorithmSHA384
  • Kerberos/PKInitHashAlgorithmSHA512
  • LocalSecurityAuthority/AllowCustomSSPsAPs
  • LocalSecurityAuthority/ConfigureLsaProtectedProcess
  • MixedReality/AllowCaptivePortalBeforeLogon
  • MixedReality/AllowLaunchUriInSingleAppKiosk
  • MixedReality/AutoLogonUser
  • MixedReality/ConfigureMovingPlatform
  • MixedReality/ConfigureNtpClient
  • MixedReality/ManualDownDirectionDisabled
  • MixedReality/NtpClientEnabled
  • MixedReality/SkipCalibrationDuringSetup
  • MixedReality/SkipTrainingDuringSetup
  • NetworkListManager/AllowedTlsAuthenticationEndpoints
  • NetworkListManager/ConfiguredTLSAuthenticationNetworkName
  • Printers/ConfigureCopyFilesPolicy
  • Printers/ConfigureDriverValidationLevel
  • Printers/ConfigureIppPageCountsPolicy
  • Printers/ConfigureRedirectionGuard
  • Printers/ConfigureRpcConnectionPolicy
  • Printers/ConfigureRpcListenerPolicy
  • Printers/ConfigureRpcTcpPort
  • Printers/ManageDriverExclusionList
  • Printers/RestrictDriverInstallationToAdministrators
  • RemoteDesktopServices/DoNotAllowWebAuthnRedirection
  • Search/AllowSearchHighlights
  • Search/DisableSearch
  • SharedPC/EnabledSharedPCModeWithOneDriveSync
  • Start/DisableControlCenter
  • Start/DisableEditingQuickSettings
  • Start/HideRecommendedSection
  • Start/HideTaskViewButton
  • Start/SimplifyQuickSettings
  • Stickers/EnableStickers
  • System/ConfigureWinSEMode
  • textinput/allowimenetworkaccess
  • Update/NoUpdateNotificationDuringActiveHours
  • WebThreatDefense/EnableService
  • Windowslogon/EnableMPRNotifications | +| [SecureAssessment](windows/client-management/mdm/secureassessment-csp) | Added the following node:
  • Asssessments | +| [WindowsAutopilot](windows/client-management/mdm/windowsautopilot-csp) | Added the following node:
  • HardwareMismatchRemediationData | + +## What's new in MDM for Windows 11, version 21H2 + +| New or updated article | Description | +|--|--| +| [Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • NewsAndInterests/AllowNewsAndInterests
  • Experiences/ConfigureChatIcon
  • Start/ConfigureStartPins
  • Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity
  • Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable | +| [DMClient CSP](dmclient-csp.md) | Updated the description of the following node:
  • Provider/ProviderID/ConfigLock/Lock
  • Provider/ProviderID/ConfigLock/UnlockDuration
  • Provider/ProviderID/ConfigLock/SecuredCore | +| [PrinterProvisioning](windows/client-management/mdm/universalprint-csp) | New CSP | + +## What's new in MDM for Windows 10, version 20H2 |New or updated article|Description| |-----|-----| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 11, version 21H2:
    - NewsAndInterests/AllowNewsAndInterests
    - Experiences/ConfigureChatIcon
    - Start/ConfigureStartPins
    - Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity
    - Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable | -| [DMClient CSP](dmclient-csp.md) | Updated the description of the following node:
    - Provider/ProviderID/ConfigLock/Lock
    - Provider/ProviderID/ConfigLock/UnlockDuration
    - Provider/ProviderID/ConfigLock/SecuredCore | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
  • [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
  • [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
  • [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
  • [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
  • [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
  • [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
  • [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) | +| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
  • Properties/SleepMode | +| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
  • Settings/AllowWindowsDefenderApplicationGuard | +## What's new in MDM for Windows 10, version 2004 + +| New or updated article | Description | +|-----|-----| +| [Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • [ApplicationManagement/BlockNonAdminUserInstall](policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall)
  • [Bluetooth/SetMinimumEncryptionKeySize](policy-csp-bluetooth.md#bluetooth-setminimumencryptionkeysize)
  • [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource)
  • [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth)
  • [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth)
  • [Education/AllowGraphingCalculator](policy-csp-education.md#education-allowgraphingcalculator)
  • [TextInput/ConfigureJapaneseIMEVersion](policy-csp-textinput.md#textinput-configurejapaneseimeversion)
  • [TextInput/ConfigureSimplifiedChineseIMEVersion](policy-csp-textinput.md#textinput-configuresimplifiedchineseimeversion)
  • [TextInput/ConfigureTraditionalChineseIMEVersion](policy-csp-textinput.md#textinput-configuretraditionalchineseimeversion)

    Updated the following policy in Windows 10, version 2004:
  • [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)

    Deprecated the following policies in Windows 10, version 2004:
  • [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
  • [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
  • [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) | +| [DevDetail CSP](devdetail-csp.md) | Added the following new node:
  • Ext/Microsoft/DNSComputerName | +| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following node:
  • IsStub | +| [SUPL CSP](supl-csp.md) | Added the following node:
  • FullVersion | + +## What's new in MDM for Windows 10, version 1909 + +| New or updated article | Description | +|-----|-----| +| [BitLocker CSP](bitlocker-csp.md) | Added the following nodes:
  • ConfigureRecoveryPasswordRotation
  • RotateRecoveryPasswords
  • RotateRecoveryPasswordsStatus
  • RotateRecoveryPasswordsRequestID| + +## What's new in MDM for Windows 10, version 1903 + +| New or updated article | Description | +|-----|-----| +|[Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
  • [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
  • [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
  • [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
  • [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
  • [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceinstanceids)
  • [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceinstanceids)
  • [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
  • [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
  • [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
  • [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
  • [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
  • [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
  • [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
  • [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
  • [Power/EnergySaverBatteryThresholdOnBattery](policy-csp-power.md#power-energysaverbatterythresholdonbattery)
  • [Power/EnergySaverBatteryThresholdPluggedIn](policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
  • [Power/SelectLidCloseActionOnBattery](policy-csp-power.md#power-selectlidcloseactiononbattery)
  • [Power/SelectLidCloseActionPluggedIn](policy-csp-power.md#power-selectlidcloseactionpluggedin)
  • [Power/SelectPowerButtonActionOnBattery](policy-csp-power.md#power-selectpowerbuttonactiononbattery)
  • [Power/SelectPowerButtonActionPluggedIn](policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
  • [Power/SelectSleepButtonActionOnBattery](policy-csp-power.md#power-selectsleepbuttonactiononbattery)
  • [Power/SelectSleepButtonActionPluggedIn](policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
  • [Power/TurnOffHybridSleepOnBattery](policy-csp-power.md#power-turnoffhybridsleeponbattery)
  • [Power/TurnOffHybridSleepPluggedIn](policy-csp-power.md#power-turnoffhybridsleeppluggedin)
  • [Power/UnattendedSleepTimeoutOnBattery](policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
  • [Power/UnattendedSleepTimeoutPluggedIn](policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
  • [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
  • [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
  • [Search/AllowFindMyFiles](policy-csp-search.md#search-allowfindmyfiles)
  • [ServiceControlManager/SvchostProcessMitigation](policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
  • [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
  • [System/TurnOffFileHistory](policy-csp-system.md#system-turnofffilehistory)
  • [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
  • [Troubleshooting/AllowRecommendations](policy-csp-troubleshooting.md#troubleshooting-allowrecommendations)
  • [Update/AutomaticMaintenanceWakeUp](policy-csp-update.md#update-automaticmaintenancewakeup)
  • [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
  • [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
  • [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
  • [WindowsLogon/AllowAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
  • [WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
  • [WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)| +| [Policy CSP - Audit](policy-csp-audit.md) | Added the new Audit policy CSP. | +| [ApplicationControl CSP](applicationcontrol-csp.md) | Added the new CSP. | +| [Defender CSP](defender-csp.md) | Added the following new nodes:
  • Health/TamperProtectionEnabled
  • Health/IsVirtualMachine
  • Configuration
  • Configuration/TamperProtection
  • Configuration/EnableFileHashComputation | +| [DiagnosticLog CSP](diagnosticlog-csp.md)
    [DiagnosticLog DDF](diagnosticlog-ddf.md) | Added version 1.4 of the CSP in Windows 10, version 1903.
    Added the new 1.4 version of the DDF.
    Added the following new nodes:
  • Policy
  • Policy/Channels
  • Policy/Channels/ChannelName
  • Policy/Channels/ChannelName/MaximumFileSize
  • Policy/Channels/ChannelName/SDDL
  • Policy/Channels/ChannelName/ActionWhenFull
  • Policy/Channels/ChannelName/Enabled
  • DiagnosticArchive
  • DiagnosticArchive/ArchiveDefinition
  • DiagnosticArchive/ArchiveResults | +| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | Added the new CSP. | +| [PassportForWork CSP](passportforwork-csp.md) | Added the following new nodes:
  • SecurityKey
  • SecurityKey/UseSecurityKeyForSignin | + + +## What's new in MDM for Windows 10, version 1809 + +| New or updated article | Description | +|-----|-----| +|[Policy CSP](policy-configuration-service-provider.md) | Added the following policy settings:
  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
  • Authentication/EnableFastFirstSignIn (Preview mode only)
  • Authentication/EnableWebSignIn (Preview mode only)
  • Authentication/PreferredAadTenantDomainName
  • Browser/AllowFullScreenMode
  • Browser/AllowPrelaunch
  • Browser/AllowPrinting
  • Browser/AllowSavingHistory
  • Browser/AllowSideloadingOfExtensions
  • Browser/AllowTabPreloading
  • Browser/AllowWebContentOnNewTabPage
  • Browser/ConfigureFavoritesBar
  • Browser/ConfigureHomeButton
  • Browser/ConfigureKioskMode
  • Browser/ConfigureKioskResetAfterIdleTimeout
  • Browser/ConfigureOpenMicrosoftEdgeWith
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
  • Browser/PreventCertErrorOverrides
  • Browser/SetHomeButtonURL
  • Browser/SetNewTabPageURL
  • Browser/UnlockHomeButton
  • Defender/CheckForSignaturesBeforeRunningScan
  • Defender/DisableCatchupFullScan
  • Defender/DisableCatchupQuickScan
  • Defender/EnableLowCPUPriority
  • Defender/SignatureUpdateFallbackOrder
  • Defender/SignatureUpdateFileSharesSources
  • DeviceGuard/ConfigureSystemGuardLaunch
  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
  • DeviceInstallation/PreventDeviceMetadataFromNetwork
  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
  • DmaGuard/DeviceEnumerationPolicy
  • Experience/AllowClipboardHistory
  • Experience/DoNotSyncBrowserSettings
  • Experience/PreventUsersFromTurningOnBrowserSyncing
  • Kerberos/UPNNameHints
  • Privacy/AllowCrossDeviceClipboard
  • Privacy/DisablePrivacyExperience
  • Privacy/UploadUserActivities
  • Security/RecoveryEnvironmentAuthentication
  • System/AllowDeviceNameInDiagnosticData
  • System/ConfigureMicrosoft365UploadEndpoint
  • System/DisableDeviceDelete
  • System/DisableDiagnosticDataViewer
  • Storage/RemovableDiskDenyWriteAccess
  • TaskManager/AllowEndTask
  • Update/DisableWUfBSafeguards
  • Update/EngagedRestartDeadlineForFeatureUpdates
  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
  • Update/SetDisablePauseUXAccess
  • Update/SetDisableUXWUAccess
  • WindowsDefenderSecurityCenter/DisableClearTpmButton
  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
  • WindowsLogon/DontDisplayNetworkSelectionUI | +| [BitLocker CSP](bitlocker-csp.md) | Added a new node AllowStandardUserEncryption.
  • Added support for Windows 10 Pro. | +| [Defender CSP](defender-csp.md) | Added a new node Health/ProductStatus. | +| [DevDetail CSP](devdetail-csp.md) | Added a new node SMBIOSSerialNumber. | +| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added NonRemovable setting under AppManagement node. | +| [Office CSP](office-csp.md) | Added FinalStatus setting. | +| [PassportForWork CSP](passportforwork-csp.md) | Added new settings. | +| [RemoteWipe CSP](remotewipe-csp.md) | Added new settings. | +| [SUPL CSP](supl-csp.md) | Added three new certificate nodes. | +| [TenantLockdown CSP](tenantlockdown-csp.md) | Added new CSP. | +| [Wifi CSP](wifi-csp.md) | Added a new node WifiCost. | +| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Added new settings. | +| [WindowsLicensing CSP](windowslicensing-csp.md) | Added S mode settings and SyncML examples. | +| [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) | New CSP. | ## Breaking changes and known issues -### Get command inside an atomic command isn’t supported +### Get command inside an atomic command isn't supported -In Windows 10 and Windows 11, a Get command inside an atomic command isn't supported. +In Windows 10 and Windows 11, a Get command inside an atomic command isn't supported. ### Apps installed using WMI classes are not removed @@ -42,11 +108,11 @@ Applications installed using WMI classes aren't removed when the MDM account is ### Passing CDATA in SyncML does not work -Passing CDATA in data in SyncML to ConfigManager and CSPs doesn't work in Windows 10 and Windows 11. +Passing CDATA in data in SyncML to ConfigManager and CSPs doesn't work in Windows 10 and Windows 11. ### SSL settings in IIS server for SCEP must be set to "Ignore" -The certificate setting under "SSL Settings" in the IIS server for SCEP must be set to "Ignore" in Windows 10 and Windows 11. +The certificate setting under "SSL Settings" in the IIS server for SCEP must be set to "Ignore" in Windows 10 and Windows 11. ![ssl settings.](images/ssl-settings.png) @@ -62,7 +128,7 @@ Remote server unenrollment is disabled for mobile devices enrolled via Azure Act ### Certificates causing issues with Wi-Fi and VPN -In Windows 10 and Windows 11, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This dual installation may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We're working to fix this issue. +In Windows 10 and Windows 11, when using the ClientCertificateInstall to install certificates to the device store and the user store and both certificates are sent to the device in the same MDM payload, the certificate intended for the device store will also get installed in the user store. This dual installation may cause issues with Wi-Fi or VPN when choosing the correct certificate to establish a connection. We're working to fix this issue. ### Version information for Windows 11 @@ -251,7 +317,7 @@ After the MDM client automatically renews the WNS channel URI, the MDM client wi ### User provisioning failure in Azure Active Directory-joined Windows 10 and Windows 11 devices -In Azure AD joined Windows 10 and Windows 11, provisioning /.User resources fails when the user isn't logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, ensure to sign out and sign in with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design. +In Azure AD joined Windows 10 and Windows 11, provisioning /.User resources fails when the user isn't logged in as an Azure AD user. If you attempt to join Azure AD from **Settings** > **System** > **About** user interface, ensure to sign out and sign in with Azure AD credentials to get your organizational configuration from your MDM server. This behavior is by design. ### Requirements to note for VPN certificates also used for Kerberos Authentication @@ -288,63 +354,6 @@ What data is handled by dmwappushsvc? | It's a component handling the internal w How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this service is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to disable the service. Disabling this service will cause your management to fail.| - -## What’s new in MDM for Windows 10, version 20H2 - -|New or updated article|Description| -|-----|-----| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
    - [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
    - [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
    - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
    - [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
    - [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
    - [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
    - [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
    - [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) | -| [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
    - Properties/SleepMode | -| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
    - Settings/AllowWindowsDefenderApplicationGuard | - -## What’s new in MDM for Windows 10, version 2004 - -| New or updated article | Description | -|-----|-----| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 2004:
    - [ApplicationManagement/BlockNonAdminUserInstall](policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall)
    - [Bluetooth/SetMinimumEncryptionKeySize](policy-csp-bluetooth.md#bluetooth-setminimumencryptionkeysize)
    - [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource)
    - [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth)
    - [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth)
    - [Education/AllowGraphingCalculator](policy-csp-education.md#education-allowgraphingcalculator)
    - [TextInput/ConfigureJapaneseIMEVersion](policy-csp-textinput.md#textinput-configurejapaneseimeversion)
    - [TextInput/ConfigureSimplifiedChineseIMEVersion](policy-csp-textinput.md#textinput-configuresimplifiedchineseimeversion)
    - [TextInput/ConfigureTraditionalChineseIMEVersion](policy-csp-textinput.md#textinput-configuretraditionalchineseimeversion)

    Updated the following policy in Windows 10, version 2004:
    - [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)

    Deprecated the following policies in Windows 10, version 2004:
    - [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
    - [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
    - [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) | -| [DevDetail CSP](devdetail-csp.md) | Added the following new node:
    - Ext/Microsoft/DNSComputerName | -| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following new node:
    - IsStub | -| [SUPL CSP](supl-csp.md) | Added the following new node:
    - FullVersion | - -## What’s new in MDM for Windows 10, version 1909 - -| New or updated article | Description | -|-----|-----| -| [BitLocker CSP](bitlocker-csp.md) | Added the following new nodes in Windows 10, version 1909:
    - ConfigureRecoveryPasswordRotation
    - RotateRecoveryPasswords
    - RotateRecoveryPasswordsStatus
    - RotateRecoveryPasswordsRequestID| - -## What’s new in MDM for Windows 10, version 1903 - -| New or updated article | Description | -|-----|-----| -|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 1903:
    - [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
    - [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
    - [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
    - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
    - [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
    - [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceinstanceids)
    - [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceinstanceids)
    - [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
    - [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
    - [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
    - [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
    - [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
    - [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
    - [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
    - [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
    - [Power/EnergySaverBatteryThresholdOnBattery](policy-csp-power.md#power-energysaverbatterythresholdonbattery)
    - [Power/EnergySaverBatteryThresholdPluggedIn](policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
    - [Power/SelectLidCloseActionOnBattery](policy-csp-power.md#power-selectlidcloseactiononbattery)
    - [Power/SelectLidCloseActionPluggedIn](policy-csp-power.md#power-selectlidcloseactionpluggedin)
    - [Power/SelectPowerButtonActionOnBattery](policy-csp-power.md#power-selectpowerbuttonactiononbattery)
    - [Power/SelectPowerButtonActionPluggedIn](policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
    - [Power/SelectSleepButtonActionOnBattery](policy-csp-power.md#power-selectsleepbuttonactiononbattery)
    - [Power/SelectSleepButtonActionPluggedIn](policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
    - [Power/TurnOffHybridSleepOnBattery](policy-csp-power.md#power-turnoffhybridsleeponbattery)
    - [Power/TurnOffHybridSleepPluggedIn](policy-csp-power.md#power-turnoffhybridsleeppluggedin)
    - [Power/UnattendedSleepTimeoutOnBattery](policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
    - [Power/UnattendedSleepTimeoutPluggedIn](policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
    - [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
    - [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
    - [Search/AllowFindMyFiles](policy-csp-search.md#search-allowfindmyfiles)
    - [ServiceControlManager/SvchostProcessMitigation](policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
    - [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
    - [System/TurnOffFileHistory](policy-csp-system.md#system-turnofffilehistory)
    - [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
    - [Troubleshooting/AllowRecommendations](policy-csp-troubleshooting.md#troubleshooting-allowrecommendations)
    - [Update/AutomaticMaintenanceWakeUp](policy-csp-update.md#update-automaticmaintenancewakeup)
    - [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
    - [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
    - [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
    - [WindowsLogon/AllowAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
    - [WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
    - [WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)| -| [Policy CSP - Audit](policy-csp-audit.md) | Added the new Audit policy CSP. | -| [ApplicationControl CSP](applicationcontrol-csp.md) | Added the new CSP. | -| [Defender CSP](defender-csp.md) | Added the following new nodes:
    - Health/TamperProtectionEnabled
    - Health/IsVirtualMachine
    - Configuration
    - Configuration/TamperProtection
    - Configuration/EnableFileHashComputation | -| [DiagnosticLog CSP](diagnosticlog-csp.md)
    [DiagnosticLog DDF](diagnosticlog-ddf.md) | Added version 1.4 of the CSP in Windows 10, version 1903.
    Added the new 1.4 version of the DDF.
    Added the following new nodes:
    - Policy
    - Policy/Channels
    - Policy/Channels/ChannelName
    - Policy/Channels/ChannelName/MaximumFileSize
    - Policy/Channels/ChannelName/SDDL
    - Policy/Channels/ChannelName/ActionWhenFull
    - Policy/Channels/ChannelName/Enabled
    - DiagnosticArchive
    - DiagnosticArchive/ArchiveDefinition
    - DiagnosticArchive/ArchiveResults | -| [EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md) | Added the new CSP. | -| [PassportForWork CSP](passportforwork-csp.md) | Added the following new nodes:
    - SecurityKey
    - SecurityKey/UseSecurityKeyForSignin | - - -## What’s new in MDM for Windows 10, version 1809 - -| New or updated article | Description | -|-----|-----| -|[Policy CSP](policy-configuration-service-provider.md) | Added the following new policy settings in Windows 10, version 1809:
    - ApplicationManagement/LaunchAppAfterLogOn
    - ApplicationManagement/ScheduleForceRestartForUpdateFailures
    - Authentication/EnableFastFirstSignIn (Preview mode only)
    - Authentication/EnableWebSignIn (Preview mode only)
    - Authentication/PreferredAadTenantDomainName
    - Browser/AllowFullScreenMode
    - Browser/AllowPrelaunch
    - Browser/AllowPrinting
    - Browser/AllowSavingHistory
    - Browser/AllowSideloadingOfExtensions
    - Browser/AllowTabPreloading
    - Browser/AllowWebContentOnNewTabPage
    - Browser/ConfigureFavoritesBar
    - Browser/ConfigureHomeButton
    - Browser/ConfigureKioskMode
    - Browser/ConfigureKioskResetAfterIdleTimeout
    - Browser/ConfigureOpenMicrosoftEdgeWith
    - Browser/ConfigureTelemetryForMicrosoft365Analytics
    - Browser/PreventCertErrorOverrides
    - Browser/SetHomeButtonURL
    - Browser/SetNewTabPageURL
    - Browser/UnlockHomeButton
    - Defender/CheckForSignaturesBeforeRunningScan
    - Defender/DisableCatchupFullScan
    - Defender/DisableCatchupQuickScan
    - Defender/EnableLowCPUPriority
    - Defender/SignatureUpdateFallbackOrder
    - Defender/SignatureUpdateFileSharesSources
    - DeviceGuard/ConfigureSystemGuardLaunch
    - DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
    - DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
    - DeviceInstallation/PreventDeviceMetadataFromNetwork
    - DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
    - DmaGuard/DeviceEnumerationPolicy
    - Experience/AllowClipboardHistory
    - Experience/DoNotSyncBrowserSettings
    - Experience/PreventUsersFromTurningOnBrowserSyncing
    - Kerberos/UPNNameHints
    - Privacy/AllowCrossDeviceClipboard
    - Privacy/DisablePrivacyExperience
    - Privacy/UploadUserActivities
    - Security/RecoveryEnvironmentAuthentication
    - System/AllowDeviceNameInDiagnosticData
    - System/ConfigureMicrosoft365UploadEndpoint
    - System/DisableDeviceDelete
    - System/DisableDiagnosticDataViewer
    - Storage/RemovableDiskDenyWriteAccess
    - TaskManager/AllowEndTask
    - Update/DisableWUfBSafeguards
    - Update/EngagedRestartDeadlineForFeatureUpdates
    - Update/EngagedRestartSnoozeScheduleForFeatureUpdates
    - Update/EngagedRestartTransitionScheduleForFeatureUpdates
    - Update/SetDisablePauseUXAccess
    - Update/SetDisableUXWUAccess
    - WindowsDefenderSecurityCenter/DisableClearTpmButton
    - WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
    - WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
    - WindowsLogon/DontDisplayNetworkSelectionUI | -| [BitLocker CSP](bitlocker-csp.md) | Added a new node AllowStandardUserEncryption in Windows 10, version 1809. Added support for Windows 10 Pro. | -| [Defender CSP](defender-csp.md) | Added a new node Health/ProductStatus in Windows 10, version 1809. | -| [DevDetail CSP](devdetail-csp.md) | Added a new node SMBIOSSerialNumber in Windows 10, version 1809. | -| [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added NonRemovable setting under AppManagement node in Windows 10, version 1809. | -| [Office CSP](office-csp.md) | Added FinalStatus setting in Windows 10, version 1809. | -| [PassportForWork CSP](passportforwork-csp.md) | Added new settings in Windows 10, version 1809. | -| [RemoteWipe CSP](remotewipe-csp.md) | Added new settings in Windows 10, version 1809. | -| [SUPL CSP](supl-csp.md) | Added three new certificate nodes in Windows 10, version 1809. | -| [TenantLockdown CSP](tenantlockdown-csp.md) | Added new CSP in Windows 10, version 1809. | -| [Wifi CSP](wifi-csp.md) | Added a new node WifiCost in Windows 10, version 1809. | -| [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Added new settings in Windows 10, version 1809. | -| [WindowsLicensing CSP](windowslicensing-csp.md) | Added S mode settings and SyncML examples in Windows 10, version 1809. | -| [Win32CompatibilityAppraiser CSP](win32compatibilityappraiser-csp.md) | Added new configuration service provider in Windows 10, version 1809. | - - ## Change history for MDM documentation To know what's changed in MDM documentation, see [Change history for MDM documentation](change-history-for-mdm-documentation.md). From ecdb97f405a8179061c9046bfc4c84b2aefd6e57 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 16 Sep 2022 10:49:34 -0400 Subject: [PATCH 13/28] links update --- .../new-in-windows-mdm-enrollment-management.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 1419c8fb98..e420d6eba3 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -25,13 +25,13 @@ For details about Microsoft mobile device management protocols for Windows 10 an | New or updated article | Description | |--|--| -| [AssignedAccess](/windows/client-management/mdm/assignedaccess-csp) | Added the following node:

  • | -| [DeviceStatus](/windows/client-management/mdm/devicestatus-csp) | Added the following node:
  • MDMClientCertAttestation | -| [eUUICs](/windows/client-management/mdm/euiccs-csp) | Added the following node:
  • IsDiscoveryServer | -| [PersonalDataEncryption](windows/client-management/mdm/personaldataencryption-csp) | New CSP | -| [Policy CSP](windows/client-management/mdm/policy-configuration-service-provider.md) | Added the following nodes:
  • Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
  • DesktopAppInstaller/EnableAdditionalSources
  • DesktopAppInstaller/EnableAllowedSources
  • DesktopAppInstaller/EnableAppInstaller
  • DesktopAppInstaller/EnableDefaultSource
  • DesktopAppInstaller/EnableExperimentalFeatures
  • DesktopAppInstaller/EnableHashOverride
  • DesktopAppInstaller/EnableLocalManifestFiles
  • DesktopAppInstaller/EnableMicrosoftStoreSource
  • DesktopAppInstaller/EnableMSAppInstallerProtocol
  • DesktopAppInstaller/EnableSettings
  • DesktopAppInstaller/SourceAutoUpdateInterval
  • Education/EnableEduThemes
  • Experience/AllowSpotlightCollectionOnDesktop
  • FileExplorer/DisableGraphRecentItems
  • HumanPresence/ForceInstantDim
  • InternetExplorer/EnableGlobalWindowListInIEMode
  • InternetExplorer/HideIEAppRetirementNotification
  • InternetExplorer/ResetZoomForDialogInIEMode
  • Kerberos/PKInitHashAlgorithmConfiguration
  • Kerberos/PKInitHashAlgorithmSHA1
  • Kerberos/PKInitHashAlgorithmSHA256
  • Kerberos/PKInitHashAlgorithmSHA384
  • Kerberos/PKInitHashAlgorithmSHA512
  • LocalSecurityAuthority/AllowCustomSSPsAPs
  • LocalSecurityAuthority/ConfigureLsaProtectedProcess
  • MixedReality/AllowCaptivePortalBeforeLogon
  • MixedReality/AllowLaunchUriInSingleAppKiosk
  • MixedReality/AutoLogonUser
  • MixedReality/ConfigureMovingPlatform
  • MixedReality/ConfigureNtpClient
  • MixedReality/ManualDownDirectionDisabled
  • MixedReality/NtpClientEnabled
  • MixedReality/SkipCalibrationDuringSetup
  • MixedReality/SkipTrainingDuringSetup
  • NetworkListManager/AllowedTlsAuthenticationEndpoints
  • NetworkListManager/ConfiguredTLSAuthenticationNetworkName
  • Printers/ConfigureCopyFilesPolicy
  • Printers/ConfigureDriverValidationLevel
  • Printers/ConfigureIppPageCountsPolicy
  • Printers/ConfigureRedirectionGuard
  • Printers/ConfigureRpcConnectionPolicy
  • Printers/ConfigureRpcListenerPolicy
  • Printers/ConfigureRpcTcpPort
  • Printers/ManageDriverExclusionList
  • Printers/RestrictDriverInstallationToAdministrators
  • RemoteDesktopServices/DoNotAllowWebAuthnRedirection
  • Search/AllowSearchHighlights
  • Search/DisableSearch
  • SharedPC/EnabledSharedPCModeWithOneDriveSync
  • Start/DisableControlCenter
  • Start/DisableEditingQuickSettings
  • Start/HideRecommendedSection
  • Start/HideTaskViewButton
  • Start/SimplifyQuickSettings
  • Stickers/EnableStickers
  • System/ConfigureWinSEMode
  • textinput/allowimenetworkaccess
  • Update/NoUpdateNotificationDuringActiveHours
  • WebThreatDefense/EnableService
  • Windowslogon/EnableMPRNotifications | -| [SecureAssessment](windows/client-management/mdm/secureassessment-csp) | Added the following node:
  • Asssessments | -| [WindowsAutopilot](windows/client-management/mdm/windowsautopilot-csp) | Added the following node:
  • HardwareMismatchRemediationData | +| [AssignedAccess](assignedaccess-csp.md) | Added the following node:

  • | +| [DeviceStatus](devicestatus-csp.md) | Added the following node:
  • MDMClientCertAttestation | +| [eUUICs](euiccs-csp.md) | Added the following node:
  • IsDiscoveryServer | +| [PersonalDataEncryption](personaldataencryption-csp.md) | New CSP | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
  • DesktopAppInstaller/EnableAdditionalSources
  • DesktopAppInstaller/EnableAllowedSources
  • DesktopAppInstaller/EnableAppInstaller
  • DesktopAppInstaller/EnableDefaultSource
  • DesktopAppInstaller/EnableExperimentalFeatures
  • DesktopAppInstaller/EnableHashOverride
  • DesktopAppInstaller/EnableLocalManifestFiles
  • DesktopAppInstaller/EnableMicrosoftStoreSource
  • DesktopAppInstaller/EnableMSAppInstallerProtocol
  • DesktopAppInstaller/EnableSettings
  • DesktopAppInstaller/SourceAutoUpdateInterval
  • Education/EnableEduThemes
  • Experience/AllowSpotlightCollectionOnDesktop
  • FileExplorer/DisableGraphRecentItems
  • HumanPresence/ForceInstantDim
  • InternetExplorer/EnableGlobalWindowListInIEMode
  • InternetExplorer/HideIEAppRetirementNotification
  • InternetExplorer/ResetZoomForDialogInIEMode
  • Kerberos/PKInitHashAlgorithmConfiguration
  • Kerberos/PKInitHashAlgorithmSHA1
  • Kerberos/PKInitHashAlgorithmSHA256
  • Kerberos/PKInitHashAlgorithmSHA384
  • Kerberos/PKInitHashAlgorithmSHA512
  • LocalSecurityAuthority/AllowCustomSSPsAPs
  • LocalSecurityAuthority/ConfigureLsaProtectedProcess
  • MixedReality/AllowCaptivePortalBeforeLogon
  • MixedReality/AllowLaunchUriInSingleAppKiosk
  • MixedReality/AutoLogonUser
  • MixedReality/ConfigureMovingPlatform
  • MixedReality/ConfigureNtpClient
  • MixedReality/ManualDownDirectionDisabled
  • MixedReality/NtpClientEnabled
  • MixedReality/SkipCalibrationDuringSetup
  • MixedReality/SkipTrainingDuringSetup
  • NetworkListManager/AllowedTlsAuthenticationEndpoints
  • NetworkListManager/ConfiguredTLSAuthenticationNetworkName
  • Printers/ConfigureCopyFilesPolicy
  • Printers/ConfigureDriverValidationLevel
  • Printers/ConfigureIppPageCountsPolicy
  • Printers/ConfigureRedirectionGuard
  • Printers/ConfigureRpcConnectionPolicy
  • Printers/ConfigureRpcListenerPolicy
  • Printers/ConfigureRpcTcpPort
  • Printers/ManageDriverExclusionList
  • Printers/RestrictDriverInstallationToAdministrators
  • RemoteDesktopServices/DoNotAllowWebAuthnRedirection
  • Search/AllowSearchHighlights
  • Search/DisableSearch
  • SharedPC/EnabledSharedPCModeWithOneDriveSync
  • Start/DisableControlCenter
  • Start/DisableEditingQuickSettings
  • Start/HideRecommendedSection
  • Start/HideTaskViewButton
  • Start/SimplifyQuickSettings
  • Stickers/EnableStickers
  • System/ConfigureWinSEMode
  • textinput/allowimenetworkaccess
  • Update/NoUpdateNotificationDuringActiveHours
  • WebThreatDefense/EnableService
  • Windowslogon/EnableMPRNotifications | +| [SecureAssessment](secureassessment-csp.md) | Added the following node:
  • Asssessments | +| [WindowsAutopilot](windowsautopilot-csp.md) | Added the following node:
  • HardwareMismatchRemediationData | ## What's new in MDM for Windows 11, version 21H2 @@ -39,7 +39,7 @@ For details about Microsoft mobile device management protocols for Windows 10 an |--|--| | [Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • NewsAndInterests/AllowNewsAndInterests
  • Experiences/ConfigureChatIcon
  • Start/ConfigureStartPins
  • Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity
  • Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable | | [DMClient CSP](dmclient-csp.md) | Updated the description of the following node:
  • Provider/ProviderID/ConfigLock/Lock
  • Provider/ProviderID/ConfigLock/UnlockDuration
  • Provider/ProviderID/ConfigLock/SecuredCore | -| [PrinterProvisioning](windows/client-management/mdm/universalprint-csp) | New CSP | +| [PrinterProvisioning](universalprint-csp.md) | New CSP | ## What's new in MDM for Windows 10, version 20H2 From e64fad674af6a4568f9010d2c861c58ee196929a Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 16 Sep 2022 10:59:35 -0400 Subject: [PATCH 14/28] moved kerberos to 21H2 --- .../mdm/new-in-windows-mdm-enrollment-management.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index e420d6eba3..cf82cc23c9 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -29,7 +29,7 @@ For details about Microsoft mobile device management protocols for Windows 10 an | [DeviceStatus](devicestatus-csp.md) | Added the following node:
  • MDMClientCertAttestation | | [eUUICs](euiccs-csp.md) | Added the following node:
  • IsDiscoveryServer | | [PersonalDataEncryption](personaldataencryption-csp.md) | New CSP | -| [Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
  • DesktopAppInstaller/EnableAdditionalSources
  • DesktopAppInstaller/EnableAllowedSources
  • DesktopAppInstaller/EnableAppInstaller
  • DesktopAppInstaller/EnableDefaultSource
  • DesktopAppInstaller/EnableExperimentalFeatures
  • DesktopAppInstaller/EnableHashOverride
  • DesktopAppInstaller/EnableLocalManifestFiles
  • DesktopAppInstaller/EnableMicrosoftStoreSource
  • DesktopAppInstaller/EnableMSAppInstallerProtocol
  • DesktopAppInstaller/EnableSettings
  • DesktopAppInstaller/SourceAutoUpdateInterval
  • Education/EnableEduThemes
  • Experience/AllowSpotlightCollectionOnDesktop
  • FileExplorer/DisableGraphRecentItems
  • HumanPresence/ForceInstantDim
  • InternetExplorer/EnableGlobalWindowListInIEMode
  • InternetExplorer/HideIEAppRetirementNotification
  • InternetExplorer/ResetZoomForDialogInIEMode
  • Kerberos/PKInitHashAlgorithmConfiguration
  • Kerberos/PKInitHashAlgorithmSHA1
  • Kerberos/PKInitHashAlgorithmSHA256
  • Kerberos/PKInitHashAlgorithmSHA384
  • Kerberos/PKInitHashAlgorithmSHA512
  • LocalSecurityAuthority/AllowCustomSSPsAPs
  • LocalSecurityAuthority/ConfigureLsaProtectedProcess
  • MixedReality/AllowCaptivePortalBeforeLogon
  • MixedReality/AllowLaunchUriInSingleAppKiosk
  • MixedReality/AutoLogonUser
  • MixedReality/ConfigureMovingPlatform
  • MixedReality/ConfigureNtpClient
  • MixedReality/ManualDownDirectionDisabled
  • MixedReality/NtpClientEnabled
  • MixedReality/SkipCalibrationDuringSetup
  • MixedReality/SkipTrainingDuringSetup
  • NetworkListManager/AllowedTlsAuthenticationEndpoints
  • NetworkListManager/ConfiguredTLSAuthenticationNetworkName
  • Printers/ConfigureCopyFilesPolicy
  • Printers/ConfigureDriverValidationLevel
  • Printers/ConfigureIppPageCountsPolicy
  • Printers/ConfigureRedirectionGuard
  • Printers/ConfigureRpcConnectionPolicy
  • Printers/ConfigureRpcListenerPolicy
  • Printers/ConfigureRpcTcpPort
  • Printers/ManageDriverExclusionList
  • Printers/RestrictDriverInstallationToAdministrators
  • RemoteDesktopServices/DoNotAllowWebAuthnRedirection
  • Search/AllowSearchHighlights
  • Search/DisableSearch
  • SharedPC/EnabledSharedPCModeWithOneDriveSync
  • Start/DisableControlCenter
  • Start/DisableEditingQuickSettings
  • Start/HideRecommendedSection
  • Start/HideTaskViewButton
  • Start/SimplifyQuickSettings
  • Stickers/EnableStickers
  • System/ConfigureWinSEMode
  • textinput/allowimenetworkaccess
  • Update/NoUpdateNotificationDuringActiveHours
  • WebThreatDefense/EnableService
  • Windowslogon/EnableMPRNotifications | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
  • DesktopAppInstaller/EnableAdditionalSources
  • DesktopAppInstaller/EnableAllowedSources
  • DesktopAppInstaller/EnableAppInstaller
  • DesktopAppInstaller/EnableDefaultSource
  • DesktopAppInstaller/EnableExperimentalFeatures
  • DesktopAppInstaller/EnableHashOverride
  • DesktopAppInstaller/EnableLocalManifestFiles
  • DesktopAppInstaller/EnableMicrosoftStoreSource
  • DesktopAppInstaller/EnableMSAppInstallerProtocol
  • DesktopAppInstaller/EnableSettings
  • DesktopAppInstaller/SourceAutoUpdateInterval
  • Education/EnableEduThemes
  • Experience/AllowSpotlightCollectionOnDesktop
  • FileExplorer/DisableGraphRecentItems
  • HumanPresence/ForceInstantDim
  • InternetExplorer/EnableGlobalWindowListInIEMode
  • InternetExplorer/HideIEAppRetirementNotification
  • InternetExplorer/ResetZoomForDialogInIEMode
  • LocalSecurityAuthority/AllowCustomSSPsAPs
  • LocalSecurityAuthority/ConfigureLsaProtectedProcess
  • MixedReality/AllowCaptivePortalBeforeLogon
  • MixedReality/AllowLaunchUriInSingleAppKiosk
  • MixedReality/AutoLogonUser
  • MixedReality/ConfigureMovingPlatform
  • MixedReality/ConfigureNtpClient
  • MixedReality/ManualDownDirectionDisabled
  • MixedReality/NtpClientEnabled
  • MixedReality/SkipCalibrationDuringSetup
  • MixedReality/SkipTrainingDuringSetup
  • NetworkListManager/AllowedTlsAuthenticationEndpoints
  • NetworkListManager/ConfiguredTLSAuthenticationNetworkName
  • Printers/ConfigureCopyFilesPolicy
  • Printers/ConfigureDriverValidationLevel
  • Printers/ConfigureIppPageCountsPolicy
  • Printers/ConfigureRedirectionGuard
  • Printers/ConfigureRpcConnectionPolicy
  • Printers/ConfigureRpcListenerPolicy
  • Printers/ConfigureRpcTcpPort
  • Printers/ManageDriverExclusionList
  • Printers/RestrictDriverInstallationToAdministrators
  • RemoteDesktopServices/DoNotAllowWebAuthnRedirection
  • Search/AllowSearchHighlights
  • Search/DisableSearch
  • SharedPC/EnabledSharedPCModeWithOneDriveSync
  • Start/DisableControlCenter
  • Start/DisableEditingQuickSettings
  • Start/HideRecommendedSection
  • Start/HideTaskViewButton
  • Start/SimplifyQuickSettings
  • Stickers/EnableStickers
  • System/ConfigureWinSEMode
  • textinput/allowimenetworkaccess
  • Update/NoUpdateNotificationDuringActiveHours
  • WebThreatDefense/EnableService
  • Windowslogon/EnableMPRNotifications | | [SecureAssessment](secureassessment-csp.md) | Added the following node:
  • Asssessments | | [WindowsAutopilot](windowsautopilot-csp.md) | Added the following node:
  • HardwareMismatchRemediationData | @@ -37,7 +37,7 @@ For details about Microsoft mobile device management protocols for Windows 10 an | New or updated article | Description | |--|--| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • NewsAndInterests/AllowNewsAndInterests
  • Experiences/ConfigureChatIcon
  • Start/ConfigureStartPins
  • Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity
  • Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • Kerberos/PKInitHashAlgorithmConfiguration
  • Kerberos/PKInitHashAlgorithmSHA1
  • Kerberos/PKInitHashAlgorithmSHA256
  • Kerberos/PKInitHashAlgorithmSHA384
  • Kerberos/PKInitHashAlgorithmSHA512
  • NewsAndInterests/AllowNewsAndInterests
  • Experiences/ConfigureChatIcon
  • Start/ConfigureStartPins
  • Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity
  • Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable | | [DMClient CSP](dmclient-csp.md) | Updated the description of the following node:
  • Provider/ProviderID/ConfigLock/Lock
  • Provider/ProviderID/ConfigLock/UnlockDuration
  • Provider/ProviderID/ConfigLock/SecuredCore | | [PrinterProvisioning](universalprint-csp.md) | New CSP | From 4b3dbaff3f7e003cfedf1e697a15afd17b842e83 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 16 Sep 2022 11:22:39 -0400 Subject: [PATCH 15/28] updates --- .../new-in-windows-mdm-enrollment-management.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index cf82cc23c9..626ccbc0ba 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -25,11 +25,11 @@ For details about Microsoft mobile device management protocols for Windows 10 an | New or updated article | Description | |--|--| -| [AssignedAccess](assignedaccess-csp.md) | Added the following node:

  • | +| [AssignedAccess](assignedaccess-csp.md) | Added the following node:
  • | | [DeviceStatus](devicestatus-csp.md) | Added the following node:
  • MDMClientCertAttestation | | [eUUICs](euiccs-csp.md) | Added the following node:
  • IsDiscoveryServer | | [PersonalDataEncryption](personaldataencryption-csp.md) | New CSP | -| [Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
  • DesktopAppInstaller/EnableAdditionalSources
  • DesktopAppInstaller/EnableAllowedSources
  • DesktopAppInstaller/EnableAppInstaller
  • DesktopAppInstaller/EnableDefaultSource
  • DesktopAppInstaller/EnableExperimentalFeatures
  • DesktopAppInstaller/EnableHashOverride
  • DesktopAppInstaller/EnableLocalManifestFiles
  • DesktopAppInstaller/EnableMicrosoftStoreSource
  • DesktopAppInstaller/EnableMSAppInstallerProtocol
  • DesktopAppInstaller/EnableSettings
  • DesktopAppInstaller/SourceAutoUpdateInterval
  • Education/EnableEduThemes
  • Experience/AllowSpotlightCollectionOnDesktop
  • FileExplorer/DisableGraphRecentItems
  • HumanPresence/ForceInstantDim
  • InternetExplorer/EnableGlobalWindowListInIEMode
  • InternetExplorer/HideIEAppRetirementNotification
  • InternetExplorer/ResetZoomForDialogInIEMode
  • LocalSecurityAuthority/AllowCustomSSPsAPs
  • LocalSecurityAuthority/ConfigureLsaProtectedProcess
  • MixedReality/AllowCaptivePortalBeforeLogon
  • MixedReality/AllowLaunchUriInSingleAppKiosk
  • MixedReality/AutoLogonUser
  • MixedReality/ConfigureMovingPlatform
  • MixedReality/ConfigureNtpClient
  • MixedReality/ManualDownDirectionDisabled
  • MixedReality/NtpClientEnabled
  • MixedReality/SkipCalibrationDuringSetup
  • MixedReality/SkipTrainingDuringSetup
  • NetworkListManager/AllowedTlsAuthenticationEndpoints
  • NetworkListManager/ConfiguredTLSAuthenticationNetworkName
  • Printers/ConfigureCopyFilesPolicy
  • Printers/ConfigureDriverValidationLevel
  • Printers/ConfigureIppPageCountsPolicy
  • Printers/ConfigureRedirectionGuard
  • Printers/ConfigureRpcConnectionPolicy
  • Printers/ConfigureRpcListenerPolicy
  • Printers/ConfigureRpcTcpPort
  • Printers/ManageDriverExclusionList
  • Printers/RestrictDriverInstallationToAdministrators
  • RemoteDesktopServices/DoNotAllowWebAuthnRedirection
  • Search/AllowSearchHighlights
  • Search/DisableSearch
  • SharedPC/EnabledSharedPCModeWithOneDriveSync
  • Start/DisableControlCenter
  • Start/DisableEditingQuickSettings
  • Start/HideRecommendedSection
  • Start/HideTaskViewButton
  • Start/SimplifyQuickSettings
  • Stickers/EnableStickers
  • System/ConfigureWinSEMode
  • textinput/allowimenetworkaccess
  • Update/NoUpdateNotificationDuringActiveHours
  • WebThreatDefense/EnableService
  • Windowslogon/EnableMPRNotifications | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
  • DesktopAppInstaller/EnableAdditionalSources
  • DesktopAppInstaller/EnableAllowedSources
  • DesktopAppInstaller/EnableAppInstaller
  • DesktopAppInstaller/EnableDefaultSource
  • DesktopAppInstaller/EnableExperimentalFeatures
  • DesktopAppInstaller/EnableHashOverride
  • DesktopAppInstaller/EnableLocalManifestFiles
  • DesktopAppInstaller/EnableMicrosoftStoreSource
  • DesktopAppInstaller/EnableMSAppInstallerProtocol
  • DesktopAppInstaller/EnableSettings
  • DesktopAppInstaller/SourceAutoUpdateInterval
  • Education/EnableEduThemes
  • Experience/AllowSpotlightCollectionOnDesktop
  • FileExplorer/DisableGraphRecentItems
  • HumanPresence/ForceInstantDim
  • InternetExplorer/EnableGlobalWindowListInIEMode
  • InternetExplorer/HideIEAppRetirementNotification
  • InternetExplorer/ResetZoomForDialogInIEMode
  • LocalSecurityAuthority/AllowCustomSSPsAPs
  • LocalSecurityAuthority/ConfigureLsaProtectedProcess
  • MixedReality/AllowCaptivePortalBeforeLogon
  • MixedReality/AllowLaunchUriInSingleAppKiosk
  • MixedReality/AutoLogonUser
  • MixedReality/ConfigureMovingPlatform
  • MixedReality/ConfigureNtpClient
  • MixedReality/ManualDownDirectionDisabled
  • MixedReality/NtpClientEnabled
  • MixedReality/SkipCalibrationDuringSetup
  • MixedReality/SkipTrainingDuringSetup
  • NetworkListManager/AllowedTlsAuthenticationEndpoints
  • NetworkListManager/ConfiguredTLSAuthenticationNetworkName
  • Printers/ConfigureCopyFilesPolicy
  • Printers/ConfigureDriverValidationLevel
  • Printers/ConfigureIppPageCountsPolicy
  • Printers/ConfigureRedirectionGuard
  • Printers/ConfigureRpcConnectionPolicy
  • Printers/ConfigureRpcListenerPolicy
  • Printers/ConfigureRpcTcpPort
  • Printers/ManageDriverExclusionList
  • Printers/RestrictDriverInstallationToAdministrators
  • RemoteDesktopServices/DoNotAllowWebAuthnRedirection
  • Search/AllowSearchHighlights
  • Search/DisableSearch
  • SharedPC/EnabledSharedPCModeWithOneDriveSync
  • Start/DisableControlCenter
  • Start/DisableEditingQuickSettings
  • Start/HideRecommendedSection
  • Start/HideTaskViewButton
  • Start/SimplifyQuickSettings
  • Stickers/EnableStickers
  • System/ConfigureWinSEMode
  • textinput/allowimenetworkaccess
  • Update/NoUpdateNotificationDuringActiveHours
  • WebThreatDefense/EnableService
  • WebThreatDefense/NotifyMalicious
  • WebThreatDefense/NotifyPasswordReuse
  • WebThreatDefense/NotifyUnsafeApp
  • Windowslogon/EnableMPRNotifications | | [SecureAssessment](secureassessment-csp.md) | Added the following node:
  • Asssessments | | [WindowsAutopilot](windowsautopilot-csp.md) | Added the following node:
  • HardwareMismatchRemediationData | @@ -37,15 +37,15 @@ For details about Microsoft mobile device management protocols for Windows 10 an | New or updated article | Description | |--|--| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • Kerberos/PKInitHashAlgorithmConfiguration
  • Kerberos/PKInitHashAlgorithmSHA1
  • Kerberos/PKInitHashAlgorithmSHA256
  • Kerberos/PKInitHashAlgorithmSHA384
  • Kerberos/PKInitHashAlgorithmSHA512
  • NewsAndInterests/AllowNewsAndInterests
  • Experiences/ConfigureChatIcon
  • Start/ConfigureStartPins
  • Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity
  • Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable | -| [DMClient CSP](dmclient-csp.md) | Updated the description of the following node:
  • Provider/ProviderID/ConfigLock/Lock
  • Provider/ProviderID/ConfigLock/UnlockDuration
  • Provider/ProviderID/ConfigLock/SecuredCore | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • Kerberos/PKInitHashAlgorithmConfiguration
  • Kerberos/PKInitHashAlgorithmSHA1
  • Kerberos/PKInitHashAlgorithmSHA256
  • Kerberos/PKInitHashAlgorithmSHA384
  • Kerberos/PKInitHashAlgorithmSHA512
  • NewsAndInterests/AllowNewsAndInterests
  • Experiences/ConfigureChatIcon
  • Start/ConfigureStartPins
  • Virtualizationbasedtechnology/HypervisorEnforcedCodeIntegrity
  • Virtualizationbasedtechnology/RequireUEFIMemoryAttributesTable | +| [DMClient CSP](dmclient-csp.md) | Updated the description of the following nodes:
  • Provider/ProviderID/ConfigLock/Lock
  • Provider/ProviderID/ConfigLock/UnlockDuration
  • Provider/ProviderID/ConfigLock/SecuredCore | | [PrinterProvisioning](universalprint-csp.md) | New CSP | ## What's new in MDM for Windows 10, version 20H2 |New or updated article|Description| |-----|-----| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • [Experience/DisableCloudOptimizedContent](policy-csp-experience.md#experience-disablecloudoptimizedcontent)
  • [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
  • [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
  • [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
  • [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
  • [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
  • [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
  • [Multitasking/BrowserAltTabBlowout](policy-csp-multitasking.md#multitasking-browseralttabblowout) | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • Experience/DisableCloudOptimizedContent
  • LocalUsersAndGroups/Configure
  • MixedReality/AADGroupMembershipCacheValidityInDays
  • MixedReality/BrightnessButtonDisabled
  • MixedReality/FallbackDiagnostics
  • MixedReality/MicrophoneDisabled
  • MixedReality/VolumeButtonDisabled
  • Multitasking/BrowserAltTabBlowout| | [SurfaceHub CSP](surfacehub-csp.md) | Added the following new node:
  • Properties/SleepMode | | [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
  • Settings/AllowWindowsDefenderApplicationGuard | @@ -53,7 +53,7 @@ For details about Microsoft mobile device management protocols for Windows 10 an | New or updated article | Description | |-----|-----| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • [ApplicationManagement/BlockNonAdminUserInstall](policy-csp-applicationmanagement.md#applicationmanagement-blocknonadminuserinstall)
  • [Bluetooth/SetMinimumEncryptionKeySize](policy-csp-bluetooth.md#bluetooth-setminimumencryptionkeysize)
  • [DeliveryOptimization/DOCacheHostSource](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehostsource)
  • [DeliveryOptimization/DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxbackgrounddownloadbandwidth)
  • [DeliveryOptimization/DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxforegrounddownloadbandwidth)
  • [Education/AllowGraphingCalculator](policy-csp-education.md#education-allowgraphingcalculator)
  • [TextInput/ConfigureJapaneseIMEVersion](policy-csp-textinput.md#textinput-configurejapaneseimeversion)
  • [TextInput/ConfigureSimplifiedChineseIMEVersion](policy-csp-textinput.md#textinput-configuresimplifiedchineseimeversion)
  • [TextInput/ConfigureTraditionalChineseIMEVersion](policy-csp-textinput.md#textinput-configuretraditionalchineseimeversion)

    Updated the following policy in Windows 10, version 2004:
  • [DeliveryOptimization/DOCacheHost](policy-csp-deliveryoptimization.md#deliveryoptimization-docachehost)

    Deprecated the following policies in Windows 10, version 2004:
  • [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth)
  • [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth)
  • [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth) | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • ApplicationManagement/BlockNonAdminUserInstall
  • Bluetooth/SetMinimumEncryptionKeySize
  • DeliveryOptimization/DOCacheHostSource
  • DeliveryOptimization/DOMaxBackgroundDownloadBandwidth
  • DeliveryOptimization/DOMaxForegroundDownloadBandwidth
  • Education/AllowGraphingCalculator
  • TextInput/ConfigureJapaneseIMEVersion
  • TextInput/ConfigureSimplifiedChineseIMEVersion
  • TextInput/ConfigureTraditionalChineseIMEVersion

    Updated the following policy in Windows 10, version 2004:
  • DeliveryOptimization/DOCacheHost

    Deprecated the following policies in Windows 10, version 2004:
  • DeliveryOptimization/DOMaxDownloadBandwidth
  • DeliveryOptimization/DOMaxUploadBandwidth
  • DeliveryOptimization/DOPercentageMaxDownloadBandwidth | | [DevDetail CSP](devdetail-csp.md) | Added the following new node:
  • Ext/Microsoft/DNSComputerName | | [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md) | Added the following node:
  • IsStub | | [SUPL CSP](supl-csp.md) | Added the following node:
  • FullVersion | @@ -68,7 +68,7 @@ For details about Microsoft mobile device management protocols for Windows 10 an | New or updated article | Description | |-----|-----| -|[Policy CSP](policy-configuration-service-provider.md) | Added the following policies:
  • [DeliveryOptimization/DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackbackground)
  • [DeliveryOptimization/DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#deliveryoptimization-dodelaycacheserverfallbackforeground)
  • [DeviceHealthMonitoring/AllowDeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-allowdevicehealthmonitoring)
  • [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringscope)
  • [DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination](policy-csp-devicehealthmonitoring.md#devicehealthmonitoring-configdevicehealthmonitoringuploaddestination)
  • [DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationallowinstallationofmatchingdeviceinstanceids)
  • [DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs](policy-csp-deviceinstallation.md#deviceinstallationpreventinstallationofmatchingdeviceinstanceids)
  • [Experience/ShowLockOnUserTile](policy-csp-experience.md#experience-showlockonusertile)
  • [InternetExplorer/AllowEnhancedSuggestionsInAddressBar](policy-csp-internetexplorer.md#internetexplorer-allowenhancedsuggestionsinaddressbar)
  • [InternetExplorer/DisableActiveXVersionListAutoDownload](policy-csp-internetexplorer.md#internetexplorer-disableactivexversionlistautodownload)
  • [InternetExplorer/DisableCompatView](policy-csp-internetexplorer.md#internetexplorer-disablecompatview)
  • [InternetExplorer/DisableFeedsBackgroundSync](policy-csp-internetexplorer.md#internetexplorer-disablefeedsbackgroundsync)
  • [InternetExplorer/DisableGeolocation](policy-csp-internetexplorer.md#internetexplorer-disablegeolocation)
  • [InternetExplorer/DisableWebAddressAutoComplete](policy-csp-internetexplorer.md#internetexplorer-disablewebaddressautocomplete)
  • [InternetExplorer/NewTabDefaultPage](policy-csp-internetexplorer.md#internetexplorer-newtabdefaultpage)
  • [Power/EnergySaverBatteryThresholdOnBattery](policy-csp-power.md#power-energysaverbatterythresholdonbattery)
  • [Power/EnergySaverBatteryThresholdPluggedIn](policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
  • [Power/SelectLidCloseActionOnBattery](policy-csp-power.md#power-selectlidcloseactiononbattery)
  • [Power/SelectLidCloseActionPluggedIn](policy-csp-power.md#power-selectlidcloseactionpluggedin)
  • [Power/SelectPowerButtonActionOnBattery](policy-csp-power.md#power-selectpowerbuttonactiononbattery)
  • [Power/SelectPowerButtonActionPluggedIn](policy-csp-power.md#power-selectpowerbuttonactionpluggedin)
  • [Power/SelectSleepButtonActionOnBattery](policy-csp-power.md#power-selectsleepbuttonactiononbattery)
  • [Power/SelectSleepButtonActionPluggedIn](policy-csp-power.md#power-selectsleepbuttonactionpluggedin)
  • [Power/TurnOffHybridSleepOnBattery](policy-csp-power.md#power-turnoffhybridsleeponbattery)
  • [Power/TurnOffHybridSleepPluggedIn](policy-csp-power.md#power-turnoffhybridsleeppluggedin)
  • [Power/UnattendedSleepTimeoutOnBattery](policy-csp-power.md#power-unattendedsleeptimeoutonbattery)
  • [Power/UnattendedSleepTimeoutPluggedIn](policy-csp-power.md#power-unattendedsleeptimeoutpluggedin)
  • [Privacy/LetAppsActivateWithVoice](policy-csp-privacy.md#privacy-letappsactivatewithvoice)
  • [Privacy/LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#privacy-letappsactivatewithvoiceabovelock)
  • [Search/AllowFindMyFiles](policy-csp-search.md#search-allowfindmyfiles)
  • [ServiceControlManager/SvchostProcessMitigation](policy-csp-servicecontrolmanager.md#servicecontrolmanager-svchostprocessmitigation)
  • [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline)
  • [System/TurnOffFileHistory](policy-csp-system.md#system-turnofffilehistory)
  • [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
  • [Troubleshooting/AllowRecommendations](policy-csp-troubleshooting.md#troubleshooting-allowrecommendations)
  • [Update/AutomaticMaintenanceWakeUp](policy-csp-update.md#update-automaticmaintenancewakeup)
  • [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates)
  • [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates)
  • [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod)
  • [WindowsLogon/AllowAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-allowautomaticrestartsignon)
  • [WindowsLogon/ConfigAutomaticRestartSignOn](policy-csp-windowslogon.md#windowslogon-configautomaticrestartsignon)
  • [WindowsLogon/EnableFirstLogonAnimation](policy-csp-windowslogon.md#windowslogon-enablefirstlogonanimation)| +|[Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • DeliveryOptimization/DODelayCacheServerFallbackBackground
  • DeliveryOptimization/DODelayCacheServerFallbackForeground
  • DeviceHealthMonitoring/AllowDeviceHealthMonitoring
  • DeviceHealthMonitoring/ConfigDeviceHealthMonitoringScope
  • DeviceHealthMonitoring/ConfigDeviceHealthMonitoringUploadDestination
  • DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs
  • DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs
  • Experience/ShowLockOnUserTile
  • InternetExplorer/AllowEnhancedSuggestionsInAddressBar
  • InternetExplorer/DisableActiveXVersionListAutoDownload
  • InternetExplorer/DisableCompatView
  • InternetExplorer/DisableFeedsBackgroundSync
  • InternetExplorer/DisableGeolocation
  • InternetExplorer/DisableWebAddressAutoComplete
  • InternetExplorer/NewTabDefaultPage
  • Power/EnergySaverBatteryThresholdOnBattery
  • Power/EnergySaverBatteryThresholdPluggedIn
  • Power/SelectLidCloseActionOnBatterybr>
  • Power/SelectLidCloseActionPluggedIn
  • Power/SelectPowerButtonActionOnBattery
  • Power/SelectPowerButtonActionPluggedIn
  • Power/SelectSleepButtonActionOnBattery
  • Power/SelectSleepButtonActionPluggedIn
  • Power/TurnOffHybridSleepOnBattery
  • Power/TurnOffHybridSleepPluggedIn
  • Power/UnattendedSleepTimeoutOnBattery
  • Power/UnattendedSleepTimeoutPluggedIn
  • Privacy/LetAppsActivateWithVoice
  • Privacy/LetAppsActivateWithVoiceAboveLock
  • Search/AllowFindMyFiles
  • ServiceControlManager/SvchostProcessMitigation
  • System/AllowCommercialDataPipelinebr>
  • System/TurnOffFileHistory
  • TimeLanguageSettings/ConfigureTimeZonebr>
  • Troubleshooting/AllowRecommendations
  • Update/AutomaticMaintenanceWakeUp
  • Update/ConfigureDeadlineForFeatureUpdates
  • Update/ConfigureDeadlineForQualityUpdates
  • Update/ConfigureDeadlineGracePeriod
  • WindowsLogon/AllowAutomaticRestartSignOn
  • WindowsLogon/ConfigAutomaticRestartSignOn
  • WindowsLogon/EnableFirstLogonAnimation| | [Policy CSP - Audit](policy-csp-audit.md) | Added the new Audit policy CSP. | | [ApplicationControl CSP](applicationcontrol-csp.md) | Added the new CSP. | | [Defender CSP](defender-csp.md) | Added the following new nodes:
  • Health/TamperProtectionEnabled
  • Health/IsVirtualMachine
  • Configuration
  • Configuration/TamperProtection
  • Configuration/EnableFileHashComputation | @@ -81,7 +81,7 @@ For details about Microsoft mobile device management protocols for Windows 10 an | New or updated article | Description | |-----|-----| -|[Policy CSP](policy-configuration-service-provider.md) | Added the following policy settings:
  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
  • Authentication/EnableFastFirstSignIn (Preview mode only)
  • Authentication/EnableWebSignIn (Preview mode only)
  • Authentication/PreferredAadTenantDomainName
  • Browser/AllowFullScreenMode
  • Browser/AllowPrelaunch
  • Browser/AllowPrinting
  • Browser/AllowSavingHistory
  • Browser/AllowSideloadingOfExtensions
  • Browser/AllowTabPreloading
  • Browser/AllowWebContentOnNewTabPage
  • Browser/ConfigureFavoritesBar
  • Browser/ConfigureHomeButton
  • Browser/ConfigureKioskMode
  • Browser/ConfigureKioskResetAfterIdleTimeout
  • Browser/ConfigureOpenMicrosoftEdgeWith
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
  • Browser/PreventCertErrorOverrides
  • Browser/SetHomeButtonURL
  • Browser/SetNewTabPageURL
  • Browser/UnlockHomeButton
  • Defender/CheckForSignaturesBeforeRunningScan
  • Defender/DisableCatchupFullScan
  • Defender/DisableCatchupQuickScan
  • Defender/EnableLowCPUPriority
  • Defender/SignatureUpdateFallbackOrder
  • Defender/SignatureUpdateFileSharesSources
  • DeviceGuard/ConfigureSystemGuardLaunch
  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
  • DeviceInstallation/PreventDeviceMetadataFromNetwork
  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
  • DmaGuard/DeviceEnumerationPolicy
  • Experience/AllowClipboardHistory
  • Experience/DoNotSyncBrowserSettings
  • Experience/PreventUsersFromTurningOnBrowserSyncing
  • Kerberos/UPNNameHints
  • Privacy/AllowCrossDeviceClipboard
  • Privacy/DisablePrivacyExperience
  • Privacy/UploadUserActivities
  • Security/RecoveryEnvironmentAuthentication
  • System/AllowDeviceNameInDiagnosticData
  • System/ConfigureMicrosoft365UploadEndpoint
  • System/DisableDeviceDelete
  • System/DisableDiagnosticDataViewer
  • Storage/RemovableDiskDenyWriteAccess
  • TaskManager/AllowEndTask
  • Update/DisableWUfBSafeguards
  • Update/EngagedRestartDeadlineForFeatureUpdates
  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
  • Update/SetDisablePauseUXAccess
  • Update/SetDisableUXWUAccess
  • WindowsDefenderSecurityCenter/DisableClearTpmButton
  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
  • WindowsLogon/DontDisplayNetworkSelectionUI | +|[Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • ApplicationManagement/LaunchAppAfterLogOn
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
  • Authentication/EnableFastFirstSignIn (Preview mode only
  • Authentication/EnableWebSignIn (Preview mode only
  • Authentication/PreferredAadTenantDomainName
  • Browser/AllowFullScreenMode
  • Browser/AllowPrelaunch
  • Browser/AllowPrinting
  • Browser/AllowSavingHistory
  • Browser/AllowSideloadingOfExtensions
  • Browser/AllowTabPreloading
  • Browser/AllowWebContentOnNewTabPage
  • Browser/ConfigureFavoritesBar
  • Browser/ConfigureHomeButton
  • Browser/ConfigureKioskMode
  • Browser/ConfigureKioskResetAfterIdleTimeout
  • Browser/ConfigureOpenMicrosoftEdgeWith
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
  • Browser/PreventCertErrorOverrides
  • Browser/SetHomeButtonURL
  • Browser/SetNewTabPageURL
  • Browser/UnlockHomeButton
  • Defender/CheckForSignaturesBeforeRunningScan
  • Defender/DisableCatchupFullScan
  • Defender/DisableCatchupQuickScan
  • Defender/EnableLowCPUPriority
  • Defender/SignatureUpdateFallbackOrder
  • Defender/SignatureUpdateFileSharesSources
  • DeviceGuard/ConfigureSystemGuardLaunch
  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
  • DeviceInstallation/PreventDeviceMetadataFromNetwork
  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
  • DmaGuard/DeviceEnumerationPolicy
  • Experience/AllowClipboardHistory
  • Experience/DoNotSyncBrowserSettings
  • Experience/PreventUsersFromTurningOnBrowserSyncing
  • Kerberos/UPNNameHints
  • Privacy/AllowCrossDeviceClipboard
  • Privacy/DisablePrivacyExperience
  • Privacy/UploadUserActivities
  • Security/RecoveryEnvironmentAuthentication
  • System/AllowDeviceNameInDiagnosticData
  • System/ConfigureMicrosoft365UploadEndpoint
  • System/DisableDeviceDelete
  • System/DisableDiagnosticDataViewer
  • Storage/RemovableDiskDenyWriteAccess
  • TaskManager/AllowEndTask
  • Update/DisableWUfBSafeguards
  • Update/EngagedRestartDeadlineForFeatureUpdates
  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
  • Update/SetDisablePauseUXAccess
  • Update/SetDisableUXWUAccess
  • WindowsDefenderSecurityCenter/DisableClearTpmButton
  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
  • WindowsLogon/DontDisplayNetworkSelectionUI | | [BitLocker CSP](bitlocker-csp.md) | Added a new node AllowStandardUserEncryption.
  • Added support for Windows 10 Pro. | | [Defender CSP](defender-csp.md) | Added a new node Health/ProductStatus. | | [DevDetail CSP](devdetail-csp.md) | Added a new node SMBIOSSerialNumber. | From fe31307be4a02061c98f4a678e8535992d1e1771 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 16 Sep 2022 11:48:32 -0400 Subject: [PATCH 16/28] adjusted OMA-URI --- education/windows/edu-themes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/education/windows/edu-themes.md b/education/windows/edu-themes.md index 78ba99e4fb..8dba7e4dc8 100644 --- a/education/windows/edu-themes.md +++ b/education/windows/edu-themes.md @@ -43,7 +43,7 @@ Education themes aren't enabled by default. IT administrators can configure devi 1. In **Configuration settings**, select **Add** 1. In **Add Row**, enter the following properties: - Name: enter **EnableEduThemes** - - OMA-URI: `./Vendor/MSFT/Policy/Config/Stickers/EnableEduThemes` + - OMA-URI: `./Vendor/MSFT/Policy/Config/Education/EnableEduThemes` - Data type: **Integer** - Value: **1** 1. Select **Save** From 78910859c69bbeff425d262146d79827a95c2758 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 16 Sep 2022 09:05:08 -0700 Subject: [PATCH 17/28] heavy edit --- .../volume-activation/introduction-vamt.md | 63 ++++++++++--------- 1 file changed, 32 insertions(+), 31 deletions(-) diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index d07e6fadda..e8e03b1772 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md @@ -4,61 +4,62 @@ description: VAMT enables administrators to automate and centrally manage the Wi ms.reviewer: manager: dougeby ms.author: aaroncz -ms.prod: w10 +ms.prod: windows-client +ms.technology: itpro-deploy author: aczechowski -ms.date: 04/25/2017 -ms.topic: article +ms.date: 09/16/2022 +ms.topic: overview --- # Introduction to VAMT -The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7 or above, Windows Server 2008 R2 or above. +The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows, Office, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has a supported Windows OS version. > [!NOTE] -> VAMT can be installed on, and can manage, physical or virtual instances. VAMT cannot detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated. +> VAMT can be installed on, and can manage, physical or virtual instances. VAMT can't detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated. -## In this Topic - -- [Managing Multiple Activation Key (MAK) and Retail Activation](#bkmk-managingmak) -- [Managing Key Management Service (KMS) Activation](#bkmk-managingkms) -- [Enterprise Environment](#bkmk-enterpriseenvironment) -- [VAMT User Interface](#bkmk-userinterface) - -## Managing Multiple Activation Key (MAK) and Retail Activation +## Managing MAK and retail activation You can use a MAK or a retail product key to activate Windows, Windows Server, or Office on an individual computer or a group of computers. VAMT enables two different activation scenarios: -- **Online activation.** Many enterprises maintain a single Windows system image or Office installation package for deployment across the enterprise. Occasionally there is also a need to use retail product keys in special situations. Online activation enables you to activate over the Internet any products installed with MAK, KMS host, or retail product keys on one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. -- **Proxy activation.** This activation method enables you to perform volume activation for products installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS Host key (CSVLK), or retail product key to one or more client products and collects the installation ID (IID) from each client product. The VAMT host sends the IIDs to Microsoft on behalf of the client products and obtains the corresponding Confirmation IDs (CIDs). The VAMT host then installs the CIDs on the client products to complete the activation. Using this method, only the VAMT host computer needs Internet access. You can also activate products installed on computers in a workgroup that is isolated from any larger network, by installing a second instance of VAMT on a computer within the workgroup. Then, use removable media to transfer activation data between this new instance of VAMT and the Internet-connected VAMT host. +- **Online activation**: Many organizations maintain a single Windows system image or Office installation package for deployment across the organization. Occasionally there's also a need to use retail product keys in special situations. Online activation enables you to activate over the internet any products installed with MAK, KMS host, or retail product keys on one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. -## Managing Key Management Service (KMS) Activation +- **Proxy activation**: This activation method enables you to perform volume activation for products installed on client computers that don't have internet access. The VAMT host computer distributes a MAK, KMS host key (CSVLK), or retail product key to one or more client products and collects the installation ID (IID) from each client product. The VAMT host sends the IIDs to Microsoft on behalf of the client products and obtains the corresponding Confirmation IDs (CIDs). The VAMT host then installs the CIDs on the client products to complete the activation. Using this method, only the VAMT host computer needs internet access. You can also activate products installed on computers in a workgroup that's isolated from any larger network, by installing a second instance of VAMT on a computer within the workgroup. Then, use removable media to transfer activation data between this new instance of VAMT and the internet-connected VAMT host. -In addition to MAK or retail activation, you can use VAMT to perform volume activation using the Key Management Service (KMS). VAMT can install and activate GVLK (KMS client) keys on client products. GVLKs are the default product keys used by Volume License editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012 and Microsoft Office 2010.\ -VAMT treats a KMS Host key (CSVLK) product key identically to a retail-type product key; therefore, the experience for product key entry and activation management are identical for both these product key types. +## Managing KMS activation -## Enterprise Environment +In addition to MAK or retail activation, you can use VAMT to perform volume activation using the KMS. VAMT can install and activate GVLK (KMS client) keys on client products. GVLKs are the default product keys used by volume license editions of Windows, Windows Server, and Office. -VAMT is commonly implemented in enterprise environments. The following screenshot illustrates three common environments—Core Network, Secure Zone, and Isolated Lab. +VAMT treats a KMS host key (CSVLK) product key identically to a retail-type product key. The experience for product key entry and activation management are identical for both these product key types. + +## Enterprise environment + +VAMT is commonly implemented in enterprise environments. The following screenshot illustrates three common environments: core network, secure zone, and isolated lab. ![VAMT in the enterprise.](images/dep-win8-l-vamt-image001-enterprise.jpg) -In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have extra firewall protection.\ -The Isolated Lab environment is a workgroup that is physically separate from the Core Network, and its computers do not have Internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the Isolated Lab. +- In the core network environment, all computers are within a common network managed by Active Directory Domain Services (AD DS). +- The secure zone represents higher-security core network computers that have extra firewall protection. +- The isolated lab environment is a workgroup that is physically separate from the core network, and its computers don't have internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab. -## VAMT User Interface +## VAMT user interface -The following screenshot shows the VAMT graphical user interface. +The following screenshot shows the VAMT graphical user interface: ![VAMT user interface.](images/vamtuserinterfaceupdated.jpg) VAMT provides a single, graphical user interface for managing activations, and for performing other activation-related tasks such as: -- **Adding and removing computers.** You can use VAMT to discover computers in the local environment. VAMT can discover computers by querying AD DS, workgroups, by individual computer name or IP address, or via a general LDAP query. -- **Discovering products.** You can use VAMT to discover Windows, Windows Server, Office, and select other products installed on the client computers. -- **Monitoring activation status.** You can collect activation information about each product, including the last five characters of the product key being used, the current license state (such as Licensed, Grace, Unlicensed), and the product edition information. -- **Managing product keys.** You can store multiple product keys and use VAMT to install these keys to remote client products. You can also determine the number of activations remaining for MAKs. -- **Managing activation data.** VAMT stores activation data in a SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format. +- **Adding and removing computers**: You can use VAMT to discover computers in the local environment. VAMT can discover computers by querying AD DS, workgroups, by individual computer name or IP address, or via a general LDAP query. -## Related topics +- **Discovering products**: You can use VAMT to discover Windows, Windows Server, Office, and select other products installed on the client computers. -- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) +- **Monitoring activation status**: You can collect activation information about each product, including the last five characters of the product key being used, the current license state (such as Licensed, Grace, Unlicensed), and the product edition information. + +- **Managing product keys**: You can store multiple product keys and use VAMT to install these keys to remote client products. You can also determine the number of activations remaining for MAKs. + +- **Managing activation data**: VAMT stores activation data in a SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format. + +## Next steps + +[VAMT step-by-step scenarios](vamt-step-by-step.md) From 6d2088b31b36e86319e80a08346a66c0f906045a Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 16 Sep 2022 09:31:19 -0700 Subject: [PATCH 18/28] heavy edit --- .../volume-activation-management-tool.md | 37 +++++++++---------- 1 file changed, 17 insertions(+), 20 deletions(-) diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md index 56289c4bdf..fd360dd5f2 100644 --- a/windows/deployment/volume-activation/volume-activation-management-tool.md +++ b/windows/deployment/volume-activation/volume-activation-management-tool.md @@ -1,39 +1,36 @@ --- -title: Volume Activation Management Tool (VAMT) Technical Reference (Windows 10) +title: VAMT technical reference description: The Volume Activation Management Tool (VAMT) enables network administrators to automate and centrally manage volume activation and retail activation. manager: dougeby ms.author: aaroncz -ms.prod: w10 +ms.prod: windows-client +ms.technology: itpro-deploy author: aczechowski -ms.date: 04/25/2017 -ms.topic: article +ms.date: 09/16/2022 +ms.topic: overview ms.custom: seo-marvel-apr2020 ms.collection: highpri --- -# Volume Activation Management Tool (VAMT) Technical Reference +# Volume Activation Management Tool (VAMT) technical reference -The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. -VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in that requires the Microsoft Management Console (MMC) 3.0. VAMT can be installed on any computer that has one of the following Windows operating systems: -- Windows® 7 or above -- Windows Server 2008 R2 or above +The Volume Activation Management Tool (VAMT) lets you automate and centrally manage the Windows, Office, and select other Microsoft products volume and retail-activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in. VAMT can be installed on any computer that has a supported Windows OS version. > [!IMPORTANT] -> VAMT is designed to manage volume activation for: Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 11, Windows Server 2008 (or later), Microsoft Office 2010 (or above). +> VAMT is designed to manage volume activation for supported versions of Windows, Windows Server, and Office. VAMT is only available in an EN-US (x86) package. ## In this section -|Topic |Description | +|Article |Description | |------|------------| |[Introduction to VAMT](introduction-vamt.md) |Provides a description of VAMT and common usages. | -|[Active Directory-Based Activation Overview](active-directory-based-activation-overview.md) |Describes Active Directory-Based Activation scenarios. | -|[Install and Configure VAMT](install-configure-vamt.md) |Describes how to install VAMT and use it to configure client computers on your network. | -|[Add and Manage Products](add-manage-products-vamt.md) |Describes how to add client computers into VAMT. | -|[Manage Product Keys](manage-product-keys-vamt.md) |Describes how to add and remove a product key from VAMT. | -|[Manage Activations](manage-activations-vamt.md) |Describes how to activate a client computer by using a variety of activation methods. | -|[Manage VAMT Data](manage-vamt-data.md) |Describes how to save, import, export, and merge a Computer Information List (CILX) file using VAMT. | -|[VAMT Step-by-Step Scenarios](vamt-step-by-step.md) |Provides step-by-step instructions for using VAMT in typical environments. | -|[VAMT Known Issues](vamt-known-issues.md) |Lists known issues in VAMT. | - +|[Active Directory-based activation overview](active-directory-based-activation-overview.md) |Describes Active Directory-based activation scenarios. | +|[Install and configure VAMT](install-configure-vamt.md) |Describes how to install VAMT and use it to configure client computers on your network. | +|[Add and manage products](add-manage-products-vamt.md) |Describes how to add client computers into VAMT. | +|[Manage product keys](manage-product-keys-vamt.md) |Describes how to add and remove a product key from VAMT. | +|[Manage activations](manage-activations-vamt.md) |Describes how to activate a client computer by using various activation methods. | +|[Manage VAMT data](manage-vamt-data.md) |Describes how to save, import, export, and merge a Computer Information List (CILX) file using VAMT. | +|[VAMT step-by-step scenarios](vamt-step-by-step.md) |Provides step-by-step instructions for using VAMT in typical environments. | +|[VAMT known issues](vamt-known-issues.md) |Lists known issues in VAMT. | From dcb8dba5b39f42fa9c02233226da7ccae8984a92 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 16 Sep 2022 13:09:42 -0400 Subject: [PATCH 19/28] updates --- .../mdm/new-in-windows-mdm-enrollment-management.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 626ccbc0ba..926c1942fa 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -25,7 +25,6 @@ For details about Microsoft mobile device management protocols for Windows 10 an | New or updated article | Description | |--|--| -| [AssignedAccess](assignedaccess-csp.md) | Added the following node:
  • | | [DeviceStatus](devicestatus-csp.md) | Added the following node:
  • MDMClientCertAttestation | | [eUUICs](euiccs-csp.md) | Added the following node:
  • IsDiscoveryServer | | [PersonalDataEncryption](personaldataencryption-csp.md) | New CSP | From 4be987e335f3166f562f67ba354cd764751cb6fc Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Fri, 16 Sep 2022 10:18:40 -0700 Subject: [PATCH 20/28] heavy edit --- ...ctive-directory-based-activation-client.md | 116 +++++++++--------- 1 file changed, 57 insertions(+), 59 deletions(-) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index bbbd01c4eb..8dc4f7f75d 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md @@ -1,50 +1,44 @@ --- -title: Activate using Active Directory-based activation (Windows 10) -description: Learn how active directory-based activation is implemented as a role service that relies on AD DS to store activation objects. -ms.custom: seo-marvel-apr2020 +title: Activate using Active Directory-based activation +description: Learn how active directory-based activation is implemented as a role service that relies on AD DS to store activation objects. manager: dougeby -ms.author: aaroncz -ms.prod: w10 author: aczechowski +ms.author: aaroncz +ms.prod: windows-client +ms.technology: itpro-deploy ms.localizationpriority: medium -ms.date: 01/13/2022 -ms.topic: article +ms.date: 09/16/2022 +ms.topic: how-to ms.collection: highpri --- # Activate using Active Directory-based activation -**Applies to** +**Applies to supported versions of** -- Windows 11 -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2016 -- Windows Server 2019 -- Office 2021* -- Office 2019* -- Office 2016* -- Office 2013* +- Windows +- Windows Server +- Office -**Looking for retail activation?** +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0) +> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227) -- [Get Help Activating Microsoft Windows 7 or Windows 8.1](https://support.microsoft.com/help/15083/windows-activate-windows-7-or-8-1) -- [Get Help Activating Microsoft Windows 10](https://support.microsoft.com/help/12440/windows-10-activate) +Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that you update the forest schema using *adprep.exe* on a supported server OS. After the schema is updated, older domain controllers can still activate clients. -Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated using *adprep.exe* on a supported server OS, but after the schema is updated, older domain controllers can still activate clients. +Any domain-joined computers running a supported OS with a Generic Volume License Key (GVLK) will be activated automatically and transparently. They'll stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention. -Any domain-joined computers running a supported operating system with a Generic Volume License Key (GVLK) will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention. - -To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console or the [Volume Activation Management Tool (VAMT)](volume-activation-management-tool.md) in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10. +To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console or the [Volume Activation Management Tool (VAMT)](volume-activation-management-tool.md) in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10. The process proceeds as follows: -1. Perform one of the following tasks: - - Install the Volume Activation Services server role on a domain controller and add a KMS host key by using the Volume Activation Tools Wizard. - - Extend the domain to the Windows Server 2012 R2 or higher schema level, and add a KMS host key by using the VAMT. +1. Do _one_ of the following tasks: + + - Install the Volume Activation Services server role on a domain controller. Then add a KMS host key by using the Volume Activation Tools Wizard. + + - Extend the domain schema level to Windows Server 2012 R2 or later. Then add a KMS host key by using the VAMT. 2. Microsoft verifies the KMS host key, and an activation object is created. @@ -55,87 +49,91 @@ The process proceeds as follows: **Figure 10**. The Active Directory-based activation flow -For environments in which all computers are running an operating system listed under *Applies to*, and they are joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers, and you may be able to remove any KMS hosts from your environment. +For environments in which all computers are running a supported OS version, and they're joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers. You may be able to remove any KMS hosts from your environment. -If an environment will continue to contain earlier volume licensing operating systems and applications or if you have workgroup computers outside the domain, you need to maintain a KMS host to maintain activation status for earlier volume licensing editions of Windows and Office. +If an environment will continue to contain earlier versions of volume licensed operating systems and applications, or if you have workgroup computers outside the domain, you need to maintain a KMS host to maintain activation status. -Clients that are activated with Active Directory-based activation will maintain their activated state for up to 180 days since the last contact with the domain, but they will periodically attempt to reactivate before then and at the end of the 180 day period. By default, this reactivation event occurs every seven days. +Clients that are activated with Active Directory-based activation will maintain their activated state for up to 180 days since the last contact with the domain. They'll periodically attempt to reactivate before then and at the end of the 180 day period. By default, this reactivation event occurs every seven days. -When a reactivation event occurs, the client queries AD DS for the activation object. Client computers examine the activation object and compare it to the local edition as defined by the GVLK. If the object and GVLK match, reactivation occurs. If the AD DS object cannot be retrieved, client computers use KMS activation. If the computer is removed from the domain, and the computer or the Software Protection service is restarted, the operating system will change the status from activated to not activated, and the computer will try to activate with KMS. +When a reactivation event occurs, the client queries AD DS for the activation object. Client computers examine the activation object and compare it to the local edition as defined by the GVLK. If the object and GVLK match, reactivation occurs. If the AD DS object can't be retrieved, client computers use KMS activation. If the computer is removed from the domain, and the computer or the Software Protection service is restarted, Windows will change the status to "not activated" and the computer will try to activate with KMS. ## Step-by-step configuration: Active Directory-based activation > [!NOTE] -> You must be a member of the local Administrators group on all computers mentioned in these steps. You also need to be a member of the Enterprise Administrators group, because setting up Active Directory-based activation changes forest-wide settings. +> You must be a member of the local **Administrators** group on all computers mentioned in these steps. You also need to be a member of the **Enterprise Administrators** group, because setting up Active Directory-based activation changes forest-wide settings. -**To configure Active Directory-based activation on Windows Server 2012 R2 or higher, complete the following steps:** +To configure Active Directory-based activation on a supported version of Windows Server, complete the following steps: -1. Use an account with Domain Administrator and Enterprise Administrator credentials to sign in to a domain controller. +1. Use an account with **Domain Administrator** and **Enterprise Administrator** credentials to sign in to a domain controller. -2. Launch Server Manager. +2. Launch **Server Manager**. -3. Add the Volume Activation Services role, as shown in Figure 11. +3. Add the **Volume Activation Services** role, as shown in Figure 11. ![Adding the Volume Activation Services role.](../images/volumeactivationforwindows81-11.jpg) **Figure 11**. Adding the Volume Activation Services role -4. Click the link to launch the Volume Activation Tools (Figure 12). +4. Select the **Volume Activation Tools**, as shown in Figure 12. ![Launching the Volume Activation Tools.](../images/volumeactivationforwindows81-12.jpg) **Figure 12**. Launching the Volume Activation Tools -5. Select the **Active Directory-Based Activation** option (Figure 13). +5. Select the **Active Directory-Based Activation** option, as shown in Figure 13. ![Selecting Active Directory-Based Activation.](../images/volumeactivationforwindows81-13.jpg) **Figure 13**. Selecting Active Directory-Based Activation -6. Enter your KMS host key and (optionally) a display name (Figure 14). +6. Enter your KMS host key and optionally specify a display name, as shown in Figure 14. ![Choosing how to activate your product.](../images/volumeactivationforwindows81-15.jpg) **Figure 14**. Entering your KMS host key -7. Activate your KMS host key by phone or online (Figure 15). +7. Activate your KMS host key by phone or online, as shown in Figure 15. ![Entering your KMS host key.](../images/volumeactivationforwindows81-14.jpg) - + **Figure 15**. Choosing how to activate your product > [!NOTE] - > To activate a KMS Host Key (CSVLK) for Microsoft Office, you need to install the version-specific Office Volume License Pack on the server where the Volume Activation Server Role is installed. For more details, see [Activate volume licensed versions of Office by using Active Directory](/deployoffice/vlactivation/activate-office-by-using-active-directory). - - > - > + > To activate a KMS Host Key (CSVLK) for Microsoft Office, you need to install the version-specific Office Volume License Pack on the server where the Volume Activation Server Role is installed. + > > - [Office 2013 VL pack](https://www.microsoft.com/download/details.aspx?id=35584) - > + > > - [Office 2016 VL pack](https://www.microsoft.com/download/details.aspx?id=49164) > > - [Office 2019 VL pack](https://www.microsoft.com/download/details.aspx?id=57342) > > - [Office LTSC 2021 VL pack](https://www.microsoft.com/download/details.aspx?id=103446) + > + > For more information, see [Activate volume licensed versions of Office by using Active Directory](/deployoffice/vlactivation/activate-office-by-using-active-directory). -8. After activating the key, click **Commit**, and then click **Close**. +8. After activating the key, select **Commit**, and then select **Close**. ## Verifying the configuration of Active Directory-based activation To verify your Active Directory-based activation configuration, complete the following steps: -1. After you configure Active Directory-based activation, start a computer that is running an edition of Windows that is configured by volume licensing. -2. If the computer has been previously configured with a MAK key, replace the MAK key with the GVLK by running the **slmgr.vbs /ipk** command and specifying the GLVK as the new product key. -3. If the computer is not joined to your domain, join it to the domain. +1. After you configure Active Directory-based activation, start a computer that is running an edition of Windows that's configured by volume licensing. + +2. If the computer has been previously configured with a MAK key, replace the MAK key with the GVLK. Run the `slmgr.vbs /ipk` command and specifying the GLVK as the new product key. + +3. If the computer isn't joined to your domain, join it to the domain. + 4. Sign in to the computer. -5. Open Windows Explorer, right-click **Computer**, and then click **Properties**. + +5. Open Windows Explorer, right-click **Computer**, and then select **Properties**. + 6. Scroll down to the **Windows activation** section, and verify that this client has been activated. > [!NOTE] - > If you are using both KMS and Active Directory-based activation, it may be difficult to see whether a client has been activated by KMS or by Active Directory-based activation. Consider disabling KMS during the test, or make sure that you are using a client computer that has not already been activated by KMS. The **slmgr.vbs /dlv** command also indicates whether KMS has been used. - > - > To manage individual activations or apply multiple (mass) activations, please consider using the [VAMT](./volume-activation-management-tool.md). - + > If you're using both KMS and Active Directory-based activation, it may be difficult to see whether a client has been activated by KMS or by Active Directory-based activation. Consider disabling KMS during the test, or make sure that you are using a client computer that hasn't already been activated by KMS. The `slmgr.vbs /dlv` command also indicates whether KMS has been used. + > + > To manage individual activations or apply multiple (mass) activations, use the [VAMT](./volume-activation-management-tool.md). ## See also -- [Volume Activation for Windows 10](volume-activation-windows-10.md) +[Volume Activation for Windows 10](volume-activation-windows-10.md) From d2a997340c557261d37c2accdb7900e4e0c031bd Mon Sep 17 00:00:00 2001 From: tiaraquan Date: Fri, 16 Sep 2022 10:43:31 -0700 Subject: [PATCH 21/28] Need to add preview note to post-device reg readiness checks. --- .../windows-autopatch-post-reg-readiness-checks.md | 13 ++++++++----- .../prepare/windows-autopatch-prerequisites.md | 10 +++++----- 2 files changed, 13 insertions(+), 10 deletions(-) diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md index aa5eafc5b2..ad127f56ad 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md @@ -1,7 +1,7 @@ --- title: Post-device registration readiness checks description: This article details how post-device registration readiness checks are performed in Windows Autopatch -ms.date: 09/15/2022 +ms.date: 09/16/2022 ms.prod: w11 ms.technology: windows ms.topic: conceptual @@ -12,7 +12,10 @@ manager: dougeby msreviewer: andredm7 --- -# Post-device registration readiness checks +# Post-device registration readiness checks (public preview) + +> [!IMPORTANT] +> This feature is in "public preview". It is being actively developed, and may not be complete. They're made available on a “Preview” basis. You can test and use these features in production environments and scenarios, and provide feedback. One of the most expensive aspects of the software update management process is to make sure devices are always healthy to receive and report software updates for each software update release cycle. @@ -57,7 +60,7 @@ A healthy or active device in Windows Autopatch is: - Actively sending data - Passes all post-device registration readiness checks -The post-device registration readiness checks are powered by the **Microsoft Cloud Managed Desktop Extension**. It's installed right after devices are successfully registered with Windows Autopatch. The **Microsoft Cloud Managed Desktop Extension** has the Device Readiness Check Plugin responsible for performing the readiness checks in devices and report back to the service. The **Microsoft Cloud Managed Desktop Extension** is a subcomponent of the overall Windows Autopatch service. +The post-device registration readiness checks are powered by the **Microsoft Cloud Managed Desktop Extension**. It's installed right after devices are successfully registered with Windows Autopatch. The **Microsoft Cloud Managed Desktop Extension** has the Device Readiness Check Plugin. The Device Readiness Check Plugin is responsible for performing the readiness checks and reporting the results back to the service. The **Microsoft Cloud Managed Desktop Extension** is a subcomponent of the overall Windows Autopatch service. The following list of post-device registration readiness checks is performed in Windows Autopatch: @@ -72,9 +75,9 @@ The following list of post-device registration readiness checks is performed in | **Microsoft Edge network endpoints** | There's a set of [network endpoints](../prepare/windows-autopatch-configure-network.md) that devices with Microsoft Edge must be able to reach for software updates management. | | **Internet connectivity** | Checks to see if a device has internet connectivity to communicate with Microsoft cloud services. Windows Autopatch uses the PingReply class. Windows Autopatch tries to ping at least three different Microsoft’s public URLs two times each, to confirm that ping results aren't coming from the device’s cache. | -## Daily operations in Windows Autopatch +## Post-device registration readiness checks workflow -See the following end-to-end IT admin operation workflow: +See the following diagram for the post-device registration readiness checks workflow: :::image type="content" source="../media/windows-autopatch-post-device-registration-readiness-checks.png" alt-text="Post-device registration readiness checks" lightbox="../media/windows-autopatch-post-device-registration-readiness-checks.png"::: diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index f5d9508b37..0b64d2adfa 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -1,7 +1,7 @@ --- title: Prerequisites description: This article details the prerequisites needed for Windows Autopatch -ms.date: 08/04/2022 +ms.date: 09/16/2022 ms.prod: w11 ms.technology: windows ms.topic: conceptual @@ -24,7 +24,7 @@ Getting started with Windows Autopatch has been designed to be easy. This articl | Licensing | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium and Microsoft Intune are required. For details about the specific service plans, see [more about licenses](#more-about-licenses).

    For more information on available licenses, see [Microsoft 365 licensing](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans).

    For more information about licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the [Product Terms site](https://www.microsoft.com/licensing/terms/). | | Connectivity | All Windows Autopatch devices require connectivity to multiple Microsoft service endpoints from the corporate network.

    For the full list of required IPs and URLs, see [Configure your network](../prepare/windows-autopatch-configure-network.md). | | Azure Active Directory | Azure Active Directory must either be the source of authority for all user accounts, or user accounts must be synchronized from on-premises Active Directory using the latest supported version of Azure Active Directory Connect to enable Hybrid Azure Active Directory join.

    • For more information, see [Azure Active Directory Connect](/azure/active-directory/hybrid/whatis-azure-ad-connect) and [Hybrid Azure Active Directory join](/azure/active-directory/devices/howto-hybrid-azure-ad-join)
    • For more information on supported Azure Active Directory Connect versions, see [Azure AD Connect:Version release history](/azure/active-directory/hybrid/reference-connect-version-history).
    | -| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

    At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see Co-management requirements for Windows Autopatch below.

    Other device management prerequisites include:

    • Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.
    • Devices must be managed by either Intune or Configuration Manager Co-management. Devices only managed by Configuration Manager aren't supported.
    • Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.
    • Devices must be connected to the internet.
    • Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate this information fail to meet **Intune or Cloud-attached** prerequisite check.

    See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device prerequisites and on how the device registration process works.

    For more information on co-management, see [Co-management for Windows devices](/mem/configmgr/comanage/overview).

    | +| Device management | Windows Autopatch devices must be managed by Microsoft Intune. Intune must be set as the Mobile Device Management (MDM) authority or co-management must be turned on and enabled on the target devices.

    At a minimum, the Windows Update, Device configuration and Office Click-to-Run apps workloads must be set to Pilot Intune or Intune. You must also ensure that the devices you intend on bringing to Windows Autopatch are in the targeted device collection. For more information, see [co-management requirements for Windows Autopatch](#configuration-manager-co-management-requirements).

    Other device management prerequisites include:

    • Devices must be corporate-owned. Windows bring-your-own-devices (BYOD) are blocked during device registration prerequisite checks.
    • Devices must be managed by either Intune or Configuration Manager co-management. Devices only managed by Configuration Manager aren't supported.
    • Devices must be in communication with Microsoft Intune in the **last 28 days**. Otherwise, the devices won't be registered with Autopatch.
    • Devices must be connected to the internet.
    • Devices must have a **Serial number**, **Model** and **Manufacturer**. Device emulators that don't generate this information fail to meet **Intune or Cloud-attached** prerequisite check.

    See [Register your devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices) for more details on device prerequisites and on how the device registration process works.

    For more information on co-management, see [co-management for Windows devices](/mem/configmgr/comanage/overview).

    | | Data and privacy | For more information on Windows Autopatch privacy practices, see [Windows Autopatch Privacy](../references/windows-autopatch-privacy.md). | ## More about licenses @@ -45,13 +45,13 @@ The following Windows OS 10 editions, 1809 builds and architecture are supported - Windows 10 (1809+)/11 Enterprise - Windows 10 (1809+)/11 Pro for Workstations -## Configuration Manager Co-management requirements +## Configuration Manager co-management requirements Windows Autopatch fully supports co-management. The following co-management requirements apply: - Use a currently supported [Configuration Manager version](/mem/configmgr/core/servers/manage/updates#supported-versions). -- ConfigMgr must be [cloud-attached with Intune (Co-management)](/mem/configmgr/cloud-attach/overview) and must have the following Co-management workloads enabled: - - Set the [Windows Update workload](/mem/configmgr/comanage/workloads#windows-update-policies) to Pilot Intune or Intune. +- ConfigMgr must be [cloud-attached with Intune (co-management)](/mem/configmgr/cloud-attach/overview) and must have the following co-management workloads enabled: + - Set the [Windows Update policies workload](/mem/configmgr/comanage/workloads#windows-update-policies) to Pilot Intune or Intune. - Set the [Device configuration workload](/mem/configmgr/comanage/workloads#device-configuration) to Pilot Intune or Intune. - Set the [Office Click-to-Run apps workload](/mem/configmgr/comanage/workloads#office-click-to-run-apps) to Pilot Intune or Intune. From 6ca22212934e7750db07ce1bf235c0fc5bf88fbe Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Fri, 16 Sep 2022 14:22:47 -0400 Subject: [PATCH 22/28] updates --- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 926c1942fa..715e8578ea 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -28,7 +28,7 @@ For details about Microsoft mobile device management protocols for Windows 10 an | [DeviceStatus](devicestatus-csp.md) | Added the following node:
  • MDMClientCertAttestation | | [eUUICs](euiccs-csp.md) | Added the following node:
  • IsDiscoveryServer | | [PersonalDataEncryption](personaldataencryption-csp.md) | New CSP | -| [Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
  • DesktopAppInstaller/EnableAdditionalSources
  • DesktopAppInstaller/EnableAllowedSources
  • DesktopAppInstaller/EnableAppInstaller
  • DesktopAppInstaller/EnableDefaultSource
  • DesktopAppInstaller/EnableExperimentalFeatures
  • DesktopAppInstaller/EnableHashOverride
  • DesktopAppInstaller/EnableLocalManifestFiles
  • DesktopAppInstaller/EnableMicrosoftStoreSource
  • DesktopAppInstaller/EnableMSAppInstallerProtocol
  • DesktopAppInstaller/EnableSettings
  • DesktopAppInstaller/SourceAutoUpdateInterval
  • Education/EnableEduThemes
  • Experience/AllowSpotlightCollectionOnDesktop
  • FileExplorer/DisableGraphRecentItems
  • HumanPresence/ForceInstantDim
  • InternetExplorer/EnableGlobalWindowListInIEMode
  • InternetExplorer/HideIEAppRetirementNotification
  • InternetExplorer/ResetZoomForDialogInIEMode
  • LocalSecurityAuthority/AllowCustomSSPsAPs
  • LocalSecurityAuthority/ConfigureLsaProtectedProcess
  • MixedReality/AllowCaptivePortalBeforeLogon
  • MixedReality/AllowLaunchUriInSingleAppKiosk
  • MixedReality/AutoLogonUser
  • MixedReality/ConfigureMovingPlatform
  • MixedReality/ConfigureNtpClient
  • MixedReality/ManualDownDirectionDisabled
  • MixedReality/NtpClientEnabled
  • MixedReality/SkipCalibrationDuringSetup
  • MixedReality/SkipTrainingDuringSetup
  • NetworkListManager/AllowedTlsAuthenticationEndpoints
  • NetworkListManager/ConfiguredTLSAuthenticationNetworkName
  • Printers/ConfigureCopyFilesPolicy
  • Printers/ConfigureDriverValidationLevel
  • Printers/ConfigureIppPageCountsPolicy
  • Printers/ConfigureRedirectionGuard
  • Printers/ConfigureRpcConnectionPolicy
  • Printers/ConfigureRpcListenerPolicy
  • Printers/ConfigureRpcTcpPort
  • Printers/ManageDriverExclusionList
  • Printers/RestrictDriverInstallationToAdministrators
  • RemoteDesktopServices/DoNotAllowWebAuthnRedirection
  • Search/AllowSearchHighlights
  • Search/DisableSearch
  • SharedPC/EnabledSharedPCModeWithOneDriveSync
  • Start/DisableControlCenter
  • Start/DisableEditingQuickSettings
  • Start/HideRecommendedSection
  • Start/HideTaskViewButton
  • Start/SimplifyQuickSettings
  • Stickers/EnableStickers
  • System/ConfigureWinSEMode
  • textinput/allowimenetworkaccess
  • Update/NoUpdateNotificationDuringActiveHours
  • WebThreatDefense/EnableService
  • WebThreatDefense/NotifyMalicious
  • WebThreatDefense/NotifyPasswordReuse
  • WebThreatDefense/NotifyUnsafeApp
  • Windowslogon/EnableMPRNotifications | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following nodes:
  • Accounts/RestrictToEnterpriseDeviceAuthenticationOnly
  • DesktopAppInstaller/EnableAdditionalSources
  • DesktopAppInstaller/EnableAllowedSources
  • DesktopAppInstaller/EnableAppInstaller
  • DesktopAppInstaller/EnableDefaultSource
  • DesktopAppInstaller/EnableExperimentalFeatures
  • DesktopAppInstaller/EnableHashOverride
  • DesktopAppInstaller/EnableLocalManifestFiles
  • DesktopAppInstaller/EnableMicrosoftStoreSource
  • DesktopAppInstaller/EnableMSAppInstallerProtocol
  • DesktopAppInstaller/EnableSettings
  • DesktopAppInstaller/SourceAutoUpdateInterval
  • Education/EnableEduThemes
  • Experience/AllowSpotlightCollectionOnDesktop
  • FileExplorer/DisableGraphRecentItems
  • HumanPresence/ForceInstantDim
  • InternetExplorer/EnableGlobalWindowListInIEMode
  • InternetExplorer/HideIEAppRetirementNotification
  • InternetExplorer/ResetZoomForDialogInIEMode
  • LocalSecurityAuthority/AllowCustomSSPsAPs
  • LocalSecurityAuthority/ConfigureLsaProtectedProcess
  • MixedReality/AllowCaptivePortalBeforeLogon
  • MixedReality/AllowLaunchUriInSingleAppKiosk
  • MixedReality/AutoLogonUser
  • MixedReality/ConfigureMovingPlatform
  • MixedReality/ConfigureNtpClient
  • MixedReality/ManualDownDirectionDisabled
  • MixedReality/NtpClientEnabled
  • MixedReality/SkipCalibrationDuringSetup
  • MixedReality/SkipTrainingDuringSetup
  • NetworkListManager/AllowedTlsAuthenticationEndpoints
  • NetworkListManager/ConfiguredTLSAuthenticationNetworkName
  • Printers/ConfigureCopyFilesPolicy
  • Printers/ConfigureDriverValidationLevel
  • Printers/ConfigureIppPageCountsPolicy
  • Printers/ConfigureRedirectionGuard
  • Printers/ConfigureRpcConnectionPolicy
  • Printers/ConfigureRpcListenerPolicy
  • Printers/ConfigureRpcTcpPort
  • Printers/ManageDriverExclusionList
  • Printers/RestrictDriverInstallationToAdministrators
  • RemoteDesktopServices/DoNotAllowWebAuthnRedirection
  • Search/AllowSearchHighlights
  • Search/DisableSearch
  • SharedPC/EnabledSharedPCModeWithOneDriveSync
  • Start/DisableControlCenter
  • Start/DisableEditingQuickSettings
  • Start/HideRecommendedSection
  • Start/HideTaskViewButton
  • Start/SimplifyQuickSettings
  • Stickers/EnableStickers
  • Textinput/allowimenetworkaccess
  • Update/NoUpdateNotificationDuringActiveHours
  • WebThreatDefense/EnableService
  • WebThreatDefense/NotifyMalicious
  • WebThreatDefense/NotifyPasswordReuse
  • WebThreatDefense/NotifyUnsafeApp
  • Windowslogon/EnableMPRNotifications | | [SecureAssessment](secureassessment-csp.md) | Added the following node:
  • Asssessments | | [WindowsAutopilot](windowsautopilot-csp.md) | Added the following node:
  • HardwareMismatchRemediationData | From d4310f4cc403e01429421d244cf1cfe23f1ab446 Mon Sep 17 00:00:00 2001 From: Xander Fiss <69924000+xandfis@users.noreply.github.com> Date: Fri, 16 Sep 2022 14:38:28 -0700 Subject: [PATCH 23/28] DisableGraphRecentItems policy Adds information about the new FileExplorer/DisableGraphRecentItems policy. --- .../mdm/policy-csp-fileexplorer.md | 60 ++++++++++++++++++- 1 file changed, 59 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 5f49f1d40e..665b655153 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -46,8 +46,13 @@ manager: aaroncz
    FileExplorer/SetAllowedStorageLocations
    +
    + FileExplorer/DisableGraphRecentItems +
    + +
    @@ -350,9 +355,62 @@ ADMX Info:
    + +**FileExplorer/DisableGraphRecentItems** + + + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|Yes| +|Pro|No|Yes| +|Windows SE|No|Yes| +|Business|No|Yes| +|Enterprise|No|Yes| +|Education|No|Yes| + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + + + +This policy changes whether files from Office.com will be shown in the Recents and Favorites sections on the Home node (previously known as Quick Access) in File Explorer. + + + + +The following list shows the supported values: + +- 0: files from Office.com will display in the Home node +- 1: no files from Office.com will be retrieved or displayed + + + + +ADMX Info: +- GP Friendly name: *Turn off files from Office.com in Quick access view* +- GP name: *DisableGraphRecentItems* +- GP path: *File Explorer* +- GP ADMX file name: *Explorer.admx* + + + + +
    + ## Related topics -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) From 091f32a70e2f884a59728106af7aa57ca8618613 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 16 Sep 2022 17:55:16 -0400 Subject: [PATCH 24/28] Update policy-csp-fileexplorer.md --- .../mdm/policy-csp-fileexplorer.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index 665b655153..c488bc040e 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -281,10 +281,10 @@ This policy configures the folders that the user can enumerate and access in the The following list shows the supported values: - 0: All folders -- 15:Desktop, Documents, Pictures, and Downloads -- 31:Desktop, Documents, Pictures, Downloads, and Network -- 47:This PC (local drive), [Desktop, Documents, Pictures], and Downloads -- 63:This PC, [Desktop, Documents, Pictures], Downloads, and Network +- 15: Desktop, Documents, Pictures, and Downloads +- 31: Desktop, Documents, Pictures, Downloads, and Network +- 47: This PC (local drive), [Desktop, Documents, Pictures], and Downloads +- 63: This PC, [Desktop, Documents, Pictures], Downloads, and Network @@ -336,7 +336,7 @@ This policy configures the folders that the user can enumerate and access in the The following list shows the supported values: -- 0: all storage locations +- 0: All storage locations - 1: Removable Drives - 2: Sync roots - 3: Removable Drives, Sync roots, local drive @@ -391,8 +391,8 @@ This policy changes whether files from Office.com will be shown in the Recents a The following list shows the supported values: -- 0: files from Office.com will display in the Home node -- 1: no files from Office.com will be retrieved or displayed +- 0: Files from Office.com will display in the Home node +- 1: No files from Office.com will be retrieved or displayed From 904212addafa6e837815da4c0eb19ed8ab5f5866 Mon Sep 17 00:00:00 2001 From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com> Date: Fri, 16 Sep 2022 17:59:06 -0400 Subject: [PATCH 25/28] Update policy-csp-fileexplorer.md --- windows/client-management/mdm/policy-csp-fileexplorer.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md index c488bc040e..be7a776997 100644 --- a/windows/client-management/mdm/policy-csp-fileexplorer.md +++ b/windows/client-management/mdm/policy-csp-fileexplorer.md @@ -362,10 +362,10 @@ ADMX Info: |Edition|Windows 10|Windows 11| |--- |--- |--- | -|Home|No|Yes| +|Home|No|No| |Pro|No|Yes| |Windows SE|No|Yes| -|Business|No|Yes| +|Business|No|No| |Enterprise|No|Yes| |Education|No|Yes| From d0660c38113cf2b95d5fc5245df5bbd1fd435b30 Mon Sep 17 00:00:00 2001 From: David Strome Date: Fri, 16 Sep 2022 16:47:50 -0700 Subject: [PATCH 26/28] Add back smb docset temporarily --- smb/docfx.json | 63 +++++++++++++++++++++++++++++ smb/includes/smb-content-updates.md | 11 +++++ 2 files changed, 74 insertions(+) create mode 100644 smb/docfx.json create mode 100644 smb/includes/smb-content-updates.md diff --git a/smb/docfx.json b/smb/docfx.json new file mode 100644 index 0000000000..15de5f0bb4 --- /dev/null +++ b/smb/docfx.json @@ -0,0 +1,63 @@ +{ + "build": { + "content": [ + { + "files": [ + "**/*.md", + "**/*.yml" + ], + "exclude": [ + "**/obj/**", + "smb/**", + "**/includes/**" + ] + } + ], + "resource": [ + { + "files": [ + "**/*.png", + "**/*.jpg" + ], + "exclude": [ + "**/obj/**", + "smb/**", + "**/includes/**" + ] + } + ], + "overwrite": [], + "externalReference": [], + "globalMetadata": { + "recommendations": true, + "breadcrumb_path": "/windows/smb/breadcrumb/toc.json", + "uhfHeaderId": "MSDocsHeader-M365-IT", + "feedback_system": "None", + "hideEdit": true, + "_op_documentIdPathDepotMapping": { + "./": { + "depot_name": "TechNet.smb", + "folder_relative_path_in_docset": "./" + } + }, + "contributors_to_exclude": [ + "rjagiewich", + "traya1", + "rmca14", + "claydetels19", + "Kellylorenebaker", + "jborsecnik", + "tiburd", + "AngelaMotherofDragons", + "dstrome", + "v-dihans", + "garycentric" + ], + "titleSuffix": "Windows for Small to Midsize Business" + }, + "fileMetadata": {}, + "template": [], + "dest": "smb", + "markdownEngineName": "markdig" + } +} diff --git a/smb/includes/smb-content-updates.md b/smb/includes/smb-content-updates.md new file mode 100644 index 0000000000..4414b9e00b --- /dev/null +++ b/smb/includes/smb-content-updates.md @@ -0,0 +1,11 @@ + + + + +## Week of July 18, 2022 + + +| Published On |Topic title | Change | +|------|------------|--------| +| 7/22/2022 | Deploy and manage a full cloud IT solution for your business | removed | +| 7/22/2022 | Windows 10/11 for small to midsize businesses | removed | From 2db6549101892d856ce1633d191159ecfc780ae7 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Sat, 17 Sep 2022 20:09:31 -0400 Subject: [PATCH 27/28] Minor updates --- education/windows/edu-stickers.md | 50 +++++++++---------- education/windows/edu-themes.md | 50 +++++++++---------- .../windows/images/icons/accessibility.svg | 3 ++ .../windows/images/icons/group-policy.svg | 3 ++ education/windows/images/icons/intune.svg | 24 +++++++++ education/windows/images/icons/powershell.svg | 20 ++++++++ .../images/icons/provisioning-package.svg | 3 ++ education/windows/images/icons/registry.svg | 22 ++++++++ education/windows/images/icons/windows-os.svg | 3 ++ 9 files changed, 124 insertions(+), 54 deletions(-) create mode 100644 education/windows/images/icons/accessibility.svg create mode 100644 education/windows/images/icons/group-policy.svg create mode 100644 education/windows/images/icons/intune.svg create mode 100644 education/windows/images/icons/powershell.svg create mode 100644 education/windows/images/icons/provisioning-package.svg create mode 100644 education/windows/images/icons/registry.svg create mode 100644 education/windows/images/icons/windows-os.svg diff --git a/education/windows/edu-stickers.md b/education/windows/edu-stickers.md index 857ad0910f..64a656dabe 100644 --- a/education/windows/edu-stickers.md +++ b/education/windows/edu-stickers.md @@ -1,6 +1,6 @@ --- title: Configure Stickers for Windows 11 SE -description: Description of Stickers for Windows 11 SE and how to configure them via MDM +description: Description of the Stickers feature and how to configure it via Intune and provisioning package. ms.date: 09/15/2022 ms.prod: windows ms.technology: windows @@ -33,33 +33,29 @@ With Stickers, students feel more attached to the device as they feel as if it's ## Enable Stickers -Stickers aren't enabled by default. IT administrators can allow students to personalize their devices without losing control over apps or device performance using Microsoft Intune. +Stickers aren't enabled by default. Follow the instructions below to configure your devices using either Microsoft Intune or a provisioning package (PPKG). -1. Sign in to the Microsoft Endpoint Manager admin center -1. Select **Devices** > **Configuration profiles** > **Create profile** -1. Enter the following properties: - - **Platform**: select **Windows 10 and later** - - **Profile type**: select **Templates** - - **Template name**: select **Custom** -1. Select **Create** -1. In **Basics**, enter the following properties: - - **Name**: enter a descriptive name for the profile - - **Description**: enter a description for the profile. This setting is optional, but recommended -1. Select **Next** -1. In **Configuration settings**, select **Add** -1. In **Add Row**, enter the following properties: - - Name: enter **EnableStickers** - - OMA-URI: `./Vendor/MSFT/Policy/Config/Stickers/EnableStickers` - - Data type: **Integer** - - Value: **1** -1. Select **Save** -1. Select **Next** -1. In **Scope tags**, assign any applicable tags (optional) -1. Select **Next** -1. In **Assignments**, select the security groups that will receive the policy -1. Select **Next** -1. In **Applicability Rules**, select **Next** -1. In **Review + create**, review your settings and select **Create** +#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) + +To enable Stickers using Microsoft Intune, [create a custom profile][MEM-1] with the following settings: + +| Setting | +|--------| +|
  • OMA-URI: **`./Vendor/MSFT/Policy/Config/Stickers/EnableStickers`**
  • Data type: **Integer**
  • Value: **1**
    • | + +Assign the policy to a security group that contains as members the devices or users that you want to enable Stickers on. + +#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) + +To configure Stickers using a provisioning package, use the following settings: + +| Setting | +|--------| +|
  • Path: **`Education/AllowStickers`**
  • Value: **True**
    • | + +Apply the provisioning package to the devices that you want to enable Stickers on. + +--- ## How to use Stickers diff --git a/education/windows/edu-themes.md b/education/windows/edu-themes.md index 8dba7e4dc8..0217cacd14 100644 --- a/education/windows/edu-themes.md +++ b/education/windows/edu-themes.md @@ -1,6 +1,6 @@ --- title: Configure education themes for Windows 11 -description: Description of education themes for Windows 11 and how to configure them via MDM +description: Description of education themes for Windows 11 and how to configure them via Intune and provisioning package. ms.date: 09/15/2022 ms.prod: windows ms.technology: windows @@ -27,33 +27,29 @@ Students can choose their own themes, making it feel the device is their own. Wh ## Enable education themes -Education themes aren't enabled by default. IT administrators can configure devices to download the education themes using Microsoft Intune. +Education themes aren't enabled by default. Follow the instructions below to configure your devices using either Microsoft Intune or a provisioning package (PPKG). -1. Sign in to the Microsoft Endpoint Manager admin center -1. Select **Devices** > **Configuration profiles** > **Create profile** -1. Enter the following properties: - - **Platform**: select **Windows 10 and later** - - **Profile type**: select **Templates** - - **Template name**: select **Custom** -1. Select **Create** -1. In **Basics**, enter the following properties: - - **Name**: enter a descriptive name for the profile - - **Description**: enter a description for the profile. This setting is optional, but recommended -1. Select **Next** -1. In **Configuration settings**, select **Add** -1. In **Add Row**, enter the following properties: - - Name: enter **EnableEduThemes** - - OMA-URI: `./Vendor/MSFT/Policy/Config/Education/EnableEduThemes` - - Data type: **Integer** - - Value: **1** -1. Select **Save** -1. Select **Next** -1. In **Scope tags**, assign any applicable tags (optional) -1. Select **Next** -1. In **Assignments**, select the security groups that will receive the policy -1. Select **Next** -1. In **Applicability Rules**, select **Next** -1. In **Review + create**, review your settings and select **Create** +#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune) + +To enable education themes using Microsoft Intune, [create a custom profile][MEM-1] with the following settings: + +| Setting | +|--------| +|
  • OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/EnableEduThemes`**
  • Data type: **Integer**
  • Value: **1**
    • | + +Assign the policy to a security group that contains as members the devices or users that you want to enable education themes on. + +#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg) + +To configure education themes using a provisioning package, use the following settings: + +| Setting | +|--------| +|
  • Path: **`Education/EnableEduThemes`**
  • Value: **True**
    • | + +Apply the provisioning package to the devices that you want to enable education themes on. + +--- ## How to use the education themes diff --git a/education/windows/images/icons/accessibility.svg b/education/windows/images/icons/accessibility.svg new file mode 100644 index 0000000000..21a6b4f235 --- /dev/null +++ b/education/windows/images/icons/accessibility.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/education/windows/images/icons/group-policy.svg b/education/windows/images/icons/group-policy.svg new file mode 100644 index 0000000000..ace95add6b --- /dev/null +++ b/education/windows/images/icons/group-policy.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/education/windows/images/icons/intune.svg b/education/windows/images/icons/intune.svg new file mode 100644 index 0000000000..6e0d938aed --- /dev/null +++ b/education/windows/images/icons/intune.svg @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + Icon-intune-329 + + + + + + + + \ No newline at end of file diff --git a/education/windows/images/icons/powershell.svg b/education/windows/images/icons/powershell.svg new file mode 100644 index 0000000000..ab2d5152ca --- /dev/null +++ b/education/windows/images/icons/powershell.svg @@ -0,0 +1,20 @@ + + + + + + + + + + MsPortalFx.base.images-10 + + + + + + + + + + \ No newline at end of file diff --git a/education/windows/images/icons/provisioning-package.svg b/education/windows/images/icons/provisioning-package.svg new file mode 100644 index 0000000000..dbbad7d780 --- /dev/null +++ b/education/windows/images/icons/provisioning-package.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file diff --git a/education/windows/images/icons/registry.svg b/education/windows/images/icons/registry.svg new file mode 100644 index 0000000000..06ab4c09d7 --- /dev/null +++ b/education/windows/images/icons/registry.svg @@ -0,0 +1,22 @@ + + + + + + + + + + + + + + + + + + + Icon-general-18 + + + \ No newline at end of file diff --git a/education/windows/images/icons/windows-os.svg b/education/windows/images/icons/windows-os.svg new file mode 100644 index 0000000000..da64baf975 --- /dev/null +++ b/education/windows/images/icons/windows-os.svg @@ -0,0 +1,3 @@ + + + \ No newline at end of file From 54debdf349727f62f198d80d0f2924ffad6bf481 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Mon, 19 Sep 2022 08:17:42 -0400 Subject: [PATCH 28/28] added links --- education/windows/edu-stickers.md | 4 ++++ education/windows/edu-themes.md | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/education/windows/edu-stickers.md b/education/windows/edu-stickers.md index 64a656dabe..61a5840936 100644 --- a/education/windows/edu-stickers.md +++ b/education/windows/edu-stickers.md @@ -71,3 +71,7 @@ Multiple stickers can be added from the picker by selecting them. The stickers c :::image type="content" source="./images/win-11-se-stickers-animation.gif" alt-text="animation showing Windows 11 SE desktop with 4 pirate stickers being resized and moved" border="true"::: Select the *X button* at the top of the screen to save your progress and close the sticker editor. + +----------- + +[MEM-1]: /mem/intune/configuration/custom-settings-windows-10 \ No newline at end of file diff --git a/education/windows/edu-themes.md b/education/windows/edu-themes.md index 0217cacd14..8a1f1a3d15 100644 --- a/education/windows/edu-themes.md +++ b/education/windows/edu-themes.md @@ -58,3 +58,7 @@ Once the education themes are enabled, the device will download them as soon as To change the theme, select **Settings** > **Personalization** > **Themes** > **Select a theme** :::image type="content" source="./images/win-11-se-themes.png" alt-text="Windows 11 education themes selection" border="true"::: + +----------- + +[MEM-1]: /mem/intune/configuration/custom-settings-windows-10 \ No newline at end of file