deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 05:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merge branch 'master' into nimishasatapathy-5556913-terminalserver

Browse Source
This commit is contained in:
Alekhya Jupudi 2022-01-04 11:11:48 +05:30
commit 9faa373f01
905 changed files with 6044 additions and 12553 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.acrolinx-config.edn
View File

@ -1,4 +1,4 @@
{:allowed-branchname-matches ["master"]
{:allowed-branchname-matches ["master" "main"]
:allowed-filename-matches ["windows/"]
:targets
@ -47,12 +47,12 @@ For more information about the exception criteria and exception process, see [Mi
Click the scorecard links for each article to review the Acrolinx feedback on grammar, spelling, punctuation, writing style, and terminology:
| Article | Score | Issues | Scorecard | Processed |
| ------- | ----- | ------ | --------- | --------- |
| Article | Score | Issues | Spelling<br>issues | Scorecard | Processed |
| ------- | ----- | ------ | ------ | --------- | --------- |
"
:template-change
"| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | [link](${acrolinx/scorecard}) | ${s/status} |
"| ${s/file} | ${acrolinx/qualityscore} | ${acrolinx/flags/issues} | ${acrolinx/flags/spelling} | [link](${acrolinx/scorecard}) | ${s/status} |
"
:template-footer

93
.openpublishing.redirection.json
View File

@ -1,5 +1,90 @@
{
"redirections": [
{
"source_path": "windows/client-management/mdm/windowssecurityauditing-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/windowssecurityauditing-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/remotelock-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/remotelock-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/registry-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/registry-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/maps-ddf-file.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/maps-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/hotspot-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/filesystem-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-ddf.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/EnterpriseExtFileSystem-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseext-ddf.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseext-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseassignedaccess-xsd.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseassignedaccess-ddf.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enterpriseassignedaccess-csp.md",
"redirect_url": "https://support.microsoft.com/windows/windows-10-mobile-end-of-support-faq-8c2dd1cf-a571-00f0-0881-bb83926d05c5",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md",
"redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",
@ -16411,7 +16496,7 @@
"redirect_document_id": false
},
{
"source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md.md",
"source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md",
"redirect_url": "/microsoft-365/security/defender-endpoint/gov",
"redirect_document_id": false
},
@ -19201,7 +19286,11 @@
"source_path": "windows/client-management/mdm/policy-csp-admx-skydrive.md",
"redirect_url": "/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools",
"redirect_document_id": true
},
{
"source_path": "windows/privacy/license-terms-windows-diagnostic-data-for-powershell.md",
"redirect_url": "/legal/windows/license-terms-windows-diagnostic-data-for-powershell",
"redirect_document_id": false
}
]
}

2
browsers/edge/group-policies/index.yml
View File

@ -9,7 +9,7 @@ metadata:
keywords: Microsoft Edge Legacy, Windows 10
ms.localizationpriority: medium
ms.prod: edge
author: shortpatti
author: dougeby
ms.author: pashort
ms.topic: landing-page
ms.devlang: na

2
browsers/edge/index.yml
View File

@ -11,7 +11,7 @@ metadata:
ms.localizationpriority: medium
ms.topic: landing-page # Required
ms.collection: collection # Optional; Remove if no collection is used.
author: shortpatti #Required; your GitHub user alias, with correct capitalization.
author: dougeby #Required; your GitHub user alias, with correct capitalization.
ms.author: pashort #Required; microsoft alias of author; optional team alias.
ms.date: 07/07/2020 #Required; mm/dd/yyyy format.

2
browsers/edge/microsoft-edge-faq.yml
View File

@ -62,7 +62,7 @@ sections:
- question: Will Internet Explorer 11 continue to receive updates?
answer: |
We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](https://support.microsoft.com/help/17454/). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge.
We're committed to keeping Internet Explorer a supported, reliable, and safe browser. Internet Explorer is still a component of Windows and follows the support lifecycle of the OS on which it's installed. For details, see [Lifecycle FAQ - Internet Explorer](/lifecycle/faq/internet-explorer-microsoft-edge). While we continue to support and update Internet Explorer, the latest features and platform updates will only be available in Microsoft Edge.
- question: How do I find out which version of Microsoft Edge I have?
answer: |

6
browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md
View File

@ -14,9 +14,7 @@ ms.author: dansimp
[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)]
Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)<br>
Return to: [Deprecated document modes and Internet Explorer 11](deprecated-document-modes.md)
<p>
<img src="images/docmode-decisions-lg.png" alt="Full-sized flowchart detailing how document modes are chosen in IE11" width="1355" height="1625" style="max-width:none;">
</p>
:::image type="content" source="images/docmode-decisions-lg.png" alt-text="Full-sized flowchart detailing how document modes are chosen in IE11" lightbox="images/docmode-decisions-lg.png":::

9
browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
View File

@ -36,11 +36,4 @@ Use the topics in this section to learn about how to auto detect your settings,
|------|------------|
|[Auto detect settings Internet Explorer 11](auto-detect-settings-for-ie11.md) |Guidance about how to update your automatic detection of DHCP and DNS servers. |
|[Auto configuration settings for Internet Explorer 11](auto-configuration-settings-for-ie11.md) |Guidance about how to add, update and lock your auto configuration settings. |
|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. | 
|[Auto proxy configuration settings for Internet Explorer 11](auto-proxy-configuration-settings-for-ie11.md) |Guidance about how to add, update, and lock your auto-proxy settings. |

3
browsers/internet-explorer/ie11-faq/faq-for-it-pros-ie11.yml
View File

@ -24,9 +24,6 @@ summary: |
sections:
- name: Ignored
questions:
- question: |
Frequently Asked Questions
answer: |
- question: |
What operating system does IE11 run on?
answer: |

4
browsers/internet-explorer/internet-explorer.yml
View File

@ -31,7 +31,7 @@ landingContent:
- text: Use Enterprise Mode to improve compatibility
url: /microsoft-edge/deploy/emie-to-improve-compatibility
- text: Lifecycle FAQ - Internet Explorer
url: https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer
url: /lifecycle/faq/internet-explorer-microsoft-edge
- linkListType: download
links:
- text: Download IE11 with Windows 10
@ -123,7 +123,7 @@ landingContent:
- text: Group Policy preferences for IE11
url: ./ie11-deploy-guide/group-policy-preferences-and-ie11.md
- text: Configure Group Policy preferences
url: https://support.microsoft.com/help/2898604/how-to-configure-group-policy-preference-settings-for-internet-explorer-11-in-windows-8.1-or-windows-server-2012-r2
url: /troubleshoot/browsers/how-to-configure-group-policy-preference-settings
- text: Blocked out-of-date ActiveX controls
url: ./ie11-deploy-guide/blocked-out-of-date-activex-controls.md
- text: Out-of-date ActiveX control blocking

4
browsers/internet-explorer/kb-support/ie-edge-faqs.yml
View File

@ -148,7 +148,7 @@ sections:
- question: |
Where to find Internet Explorer security zones registry entries
answer: |
Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](https://support.microsoft.com/help/182569/internet-explorer-security-zones-registry-entries-for-advanced-users).
Most of the Internet Zone entries can be found in [Internet Explorer security zones registry entries for advanced users](/troubleshoot/browsers/ie-security-zones-registry-entries).
This article was written for Internet Explorer 6 but is still applicable to Internet Explorer 11.
@ -193,7 +193,7 @@ sections:
answer: |
Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed.
For more information, see [Lifecycle FAQ — Internet Explorer and Edge](https://support.microsoft.com/help/17454/lifecycle-faq-internet-explorer).
For more information, see [Lifecycle FAQ — Internet Explorer and Edge](/lifecycle/faq/internet-explorer-microsoft-edge).
- question: |
How to configure TLS (SSL) for Internet Explorer

28
education/includes/education-content-updates.md
View File

@ -2,6 +2,24 @@
## Week of December 13, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 12/13/2021 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | modified |
| 12/13/2021 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified |
## Week of November 29, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 11/29/2021 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | added |
| 11/29/2021 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | added |
## Week of November 15, 2021
@ -12,13 +30,3 @@
| 11/18/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
| 11/18/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
| 11/18/2021 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
## Week of October 25, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 10/28/2021 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
| 10/28/2021 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
| 10/28/2021 | [Windows 10 for Education (Windows 10)](/education/windows/index) | modified |

2
education/windows/windows-11-se-overview.md
View File

@ -20,7 +20,7 @@ ms.topic: article
- Windows 11 SE
- Microsoft Intune for Education
Windows 11 SE is a new edition of Windows that's designed for education. It runs on web-first devices that use essential education apps. Microsoft Office 365 is preinstalled.
Windows 11 SE is a new edition of Windows that's designed for education. It runs on web-first devices that use essential education apps. Microsoft Office 365 is preinstalled (subscription sold separately).
For education customers seeking cost-effective devices, Microsoft Windows 11 SE is a great choice. Windows 11 SE includes the following benefits:

39
education/windows/windows-11-se-settings-list.md
View File

@ -62,6 +62,45 @@ The following settings can't be changed.
| Administrative tools | Administrative tools, such as the command prompt and Windows PowerShell, can't be opened. Windows PowerShell scripts deployed using Microsoft Endpoint Manager can run. |
| Apps | Only certain apps are allowed to run on Windows 11 SE. For more info on what apps can run on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md). |
## What's available in the Settings app
On Windows 11 SE devices, the Settings app shows the following setting pages. Depending on the hardware, some setting pages might not be shown.
- Accessibility
- Accounts
- Email & accounts
- Apps
- Bluetooth & devices
- Bluetooth
- Printers & scanners
- Mouse
- Touchpad
- Typing
- Pen
- AutoPlay
- Network & internet
- WiFi
- VPN
- Personalization
- Taskbar
- Privacy & security
- System
- Display
- Notifications
- Tablet mode
- Multitasking
- Projecting to this PC
- Time & Language
- Language & region
## Next steps
[Windows 11 SE for Education overview](windows-11-se-overview.md)

167
smb/cloud-mode-business-setup.md
View File

@ -34,7 +34,7 @@ In this walkthrough, we'll show you how to deploy and manage a full cloud IT sol
- Create policies and app deployment rules
- Log in as a user and start using your Windows device
Go to the <a href="https://business.microsoft.com" target="_blank">Microsoft Business site</a> and select **Products** to learn more about pricing and purchasing options for your business.
Go to [Microsoft 365 for business](https://www.microsoft.com/microsoft-365/business) to learn more about pricing and purchasing options for your business.
## Prerequisites
@ -50,16 +50,17 @@ Here's a few things to keep in mind before you get started:
To set up a cloud infrastructure for your organization, follow the steps in this section.
### 1.1 Set up Office 365 for business
See <a href="https://support.office.com/article/Set-up-Office-365-for-business-6a3a29a0-e616-4713-99d1-15eda62d04fa" target="_blank">Set up Office 365 for business</a> to learn more about the setup steps for businesses and nonprofits who have Office 365. You can watch video and learn how to:
See [Microsoft 365 admin center for business](/microsoft-365/admin) and [Microsoft 365 resources for nonprofits](https://www.microsoft.com/nonprofits/microsoft-365) to learn more about the setup steps for businesses and nonprofits who have Office 365. You can learn how to:
- Plan your setup
- Create Office 365 accounts and how to add your domain.
- Install Office
To set up your Microsoft 365 for business tenant, see <a href="https://support.office.com/article/Get-started-with-Office-365-for-Business-d6466f0d-5d13-464a-adcb-00906ae87029" target="_blank">Get Started with Microsoft 365 for business</a>.
To set up your Microsoft 365 for business tenant, see [Get Started with Microsoft 365 for business](/microsoft-365/business-video/what-is-microsoft-365).
If you're new at setting up Office 365, and you'd like to see how it's done, you can follow these steps to get started:
1. Go to the <a href="https://products.office.com/business/office-365-affiliate-program-buy-business-premium" target="_blank">Office 365</a> page in the <a href="https://business.microsoft.com" target="_blank">Microsoft Business site</a>. Select **Try now** to use the Microsoft 365 Business Standard Trial or select **Buy now** to sign up for Microsoft 365 Business Standard. In this walkthrough, we'll select **Try now**.
1. Go to [Try or buy a Microsoft 365 for business subscription](/microsoft-365/commerce/try-or-buy-microsoft-365). In this walkthrough, we'll select **Try now**.
**Figure 1** - Try or buy Office 365
@ -68,7 +69,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you
2. Fill out the sign up form and provide information about you and your company.
3. Create a user ID and password to use to sign into your account.
This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into <a href="https://portal.office.com" target="_blank">https://portal.office.com</a> (the admin portal).
This step creates an `onmicrosoft.com` email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into [https://portal.office.com](https://portal.office.com) (the admin portal).
4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code.
5. Select **You're ready to go...** which will take you to the Microsoft 365 admin center.
@ -78,7 +79,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you
**Figure 2** - Microsoft 365 admin center
![Opens the Microsoft 365 admin center.](images/office365_portal.png)
:::image type="content" alt-text="Opens the Microsoft 365 admin center." source="images/office365_portal.png":::
6. Select the **Admin** tile to go to the admin center.
@ -88,22 +89,22 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you
**Figure 3** - Admin center
![Complete the Office 365 setup in the Microsoft 365 admin center.](images/office365_admin_portal.png)
:::image type="content" alt-text="Complete the Office 365 setup in the Microsoft 365 admin center." source="images/office365_admin_portal.png":::
8. Go back to the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">admin center</a> to add or buy a domain.
8. Go back to the [admin center](https://portal.office.com/adminportal/home#/homepage) to add or buy a domain.
1. Select the **Domains** option.
**Figure 4** - Option to add or buy a domain
![Add or buy a domain in admin center.](images/office365_buy_domain.png)
:::image type="content" alt-text="Add or buy a domain in admin center." source="images/office365_buy_domain.png":::
2. In the **Home > Domains** page, you will see the Microsoft-provided domain, such as `fabrikamdesign.onmicrosoft.com`.
**Figure 5** - Microsoft-provided domain
![Microsoft-provided domain.](images/office365_ms_provided_domain.png)
:::image type="content" alt-text="Microsoft-provided domain." source="images/office365_ms_provided_domain.png":::
- If you already have a domain, select **+ Add domain** to add your existing domain. If you select this option, you'll be required to verify that you own the domain. Follow the steps in the wizard to verify your domain.
- If you don't already own a domain, select **+ Buy domain**. If you're using a trial plan, you'll be required to upgrade your trial plan in order to buy a domain. Choose the subscription plan to use for your business and provide the details to complete your order.
@ -112,7 +113,7 @@ If you're new at setting up Office 365, and you'd like to see how it's done, you
**Figure 6** - Domains
![Verify your domains in the admin center.](images/office365_additional_domain.png)
:::image type="content" alt-text="Verify your domains in the admin center." source="images/office365_additional_domain.png":::
### 1.2 Add users and assign product licenses
Once you've set up Office and added your domain, it's time to add users so they have access to Office 365. People in your organization need an account before they can sign in and access Office 365. The easiest way to add users is to add them one at a time in the Microsoft 365 admin center.
@ -121,55 +122,55 @@ When adding users, you can also assign admin privileges to certain users in your
**To add users and assign product licenses**
1. In the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">admin center</a>, select **Users > Active users**.
1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Users > Active users**.
**Figure 7** - Add users
![Add Office 365 users.](images/office365_users.png)
:::image type="content" alt-text="Add Office 365 users." source="images/office365_users.png":::
2. In the **Home > Active users** page, add users individually or in bulk.
- To add users one at a time, select **+ Add a user**.
If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see *Add a user account in the admin center* in <a href="https://support.office.com/article/Add-users-individually-or-in-bulk-to-Office-365-Admin-Help-1970f7d6-03b5-442f-b385-5880b9c256ec" target="_blank">Add users individually or in bulk to Office 365 - Admin Help</a>.
If you select this option, you'll see the **New user** screen and you can add details about the new user including their name, user name, role, and so on. You also have the opportunity to assign **Product licenses**. For detailed step-by-step info on adding a user account, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users).
**Figure 8** - Add an individual user
![Add an individual user.](images/office365_add_individual_user.png)
:::image type="content" alt-text="Add an individual user." source="images/office365_add_individual_user.png":::
- To add multiple users at once, select **More** and then choose **+ Import multiple users**. If you select this option, you'll need to create and upload a CSV file containing the list of users.
The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see <a href="https://support.office.com/article/Add-several-users-at-the-same-time-to-Office-365-Admin-Help-1f5767ed-e717-4f24-969c-6ea9d412ca88" target="_blank">Add several users at the same time to Office 365 - Admin Help</a>. Once you've added all the users, don't forget to assign **Product licenses** to the new users.
The **Import multiple users** screen includes a link where you can learn more about importing multiple users and also links for downloading a sample CSV file (one with headers only and another with headers and sample user information). For detailed step-by-step info on adding multiple users to Office 365, see [Add users and assign licenses at the same time](/microsoft-365/admin/add-users/add-users). Once you've added all the users, don't forget to assign **Product licenses** to the new users.
**Figure 9** - Import multiple users
![Import multiple users.](images/office365_import_multiple_users.png)
:::image type="content" alt-text="Import multiple users." source="images/office365_import_multiple_users.png":::
3. Verify that all the users you added appear in the list of **Active users**. The **Status** should indicate the product licenses that were assigned to them.
**Figure 10** - List of active users
![Verify users and assigned product licenses.](images/o365_active_users.png)
:::image type="content" alt-text="Verify users and assigned product licenses." source="images/o365_active_users.png":::
### 1.3 Add Microsoft Intune
Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see <a href="/intune/understand-explore/introduction-to-microsoft-intune" target="_blank">What is Intune?</a>
Microsoft Intune provides mobile device management, app management, and PC management capabilities from the cloud. Using Intune, organizations can provide their employees with access to apps, data, and corporate resources from anywhere on almost any device while helping to keep corporate information secure. To learn more, see [Microsoft Intune is an MDM and MAM provider](/mem/intune/fundamentals/what-is-intune).
**To add Microsoft Intune to your tenant**
1. In the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">admin center</a>, select **Billing > Purchase services**.
1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Billing > Purchase services**.
2. In the **Home > Purchase services** screen, search for **Microsoft Intune**. Hover over **Microsoft Intune** to see the options to start a free 30-day trial or to buy now.
3. Confirm your order to enable access to Microsoft Intune.
4. In the admin center, the Intune licenses will show as available and ready to be assigned to users. Select **Users > Active users** and then edit the product licenses assigned to the users to turn on **Intune A Direct**.
**Figure 11** - Assign Intune licenses
![Assign Microsoft Intune licenses to users.](images/o365_assign_intune_license.png)
:::image type="content" alt-text="Assign Microsoft Intune licenses to users." source="images/o365_assign_intune_license.png":::
5. In the admin center, confirm that **Intune** shows up in the list under **Admin centers**. If it doesn't, sign out and then sign back in and then check again.
6. Select **Intune**. This step opens the Endpoint Manager admin center.
**Figure 12** - Microsoft Intune management portal
![Microsoft Intune management portal.](images/intune_portal_home.png)
:::image type="content" alt-text="Microsoft Intune management portal." source="images/intune_portal_home.png":::
Intune should now be added to your tenant. We'll come back to Intune later when we [Configure Microsoft Store for Business for app distribution](#17-configure-microsoft-store-for-business-for-app-distribution).
@ -178,7 +179,7 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick
**To add Azure AD to your domain**
1. In the <a href="https://portal.office.com/adminportal/home#/homepage" target="_blank">admin center</a>, select **Admin centers > Azure AD**.
1. In the [admin center](https://portal.office.com/adminportal/home#/homepage), select **Admin centers > Azure AD**.
> [!NOTE]
> You will need Azure AD Premium to configure automatic MDM enrollment with Intune.
@ -187,57 +188,57 @@ Microsoft Azure is an open and flexible cloud platform that enables you to quick
**Figure 13** - Access to Azure AD is not available
![Access to Azure AD not available.](images/azure_ad_access_not_available.png)
:::image type="content" alt-text="Access to Azure AD not available." source="images/azure_ad_access_not_available.png":::
3. From the error message, select the country/region for your business. The region should match with the location you specified when you signed up for Office 365.
4. Select **Azure subscription**. This step will take you to a free trial sign up screen.
**Figure 14** - Sign up for Microsoft Azure
![Sign up for Microsoft Azure.](images/azure_ad_sign_up_screen.png)
:::image type="content" alt-text="Sign up for Microsoft Azure." source="images/azure_ad_sign_up_screen.png":::
5. In the **Free trial sign up** screen, fill in the required information and then click **Sign up**.
6. After you sign up, you should see the message that your subscription is ready. Click **Start managing my service**.
**Figure 15** - Start managing your Azure subscription
![Start managing your Azure subscription.](images/azure_ad_successful_signup.png)
:::image type="content" alt-text="Start managing your Azure subscription." source="images/azure_ad_successful_signup.png":::
This step will take you to the <a href="https://portal.azure.com" target="_blank">Microsoft Azure portal</a>.
This step will take you to the [Microsoft Azure portal](https://portal.azure.com).
### 1.5 Add groups in Azure AD
This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see <a href="/azure/active-directory/active-directory-manage-groups" target="_blank">Managing access to resources with Azure Active Directory groups</a>.
This section is the walkthrough is optional. However, we recommend that you create groups in Azure AD to manage access to corporate resources, such as apps, policies and settings, and so on. For more information, see [Managing access to resources with Azure Active Directory groups](/azure/active-directory/active-directory-manage-groups.
To add Azure AD group(s), we will use the <a href="https://manage.windowsazure.com/" target="_blank">classic Azure portal (https://manage.windowsazure.com)</a>. See <a href="/azure/active-directory/active-directory-accessmanagement-manage-groups" target="_blank">Managing groups in Azure Active Directory</a> for more information about managing groups.
To add Azure AD group(s), use the [Microsoft Azure portal](https://portal.azure.com). See [Managing groups in Azure Active Directory](/azure/active-directory/active-directory-accessmanagement-manage-groups) for more information about managing groups.
**To add groups in Azure AD**
1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node in the <a href="https://manage.windowsazure.com/" target="_blank">classic Azure portal</a>, you will see a screen informing you that your directory is ready for use.
1. If this is the first time you're setting up your directory, when you navigate to the **Azure Active Directory** node, you will see a screen informing you that your directory is ready for use.
Afterwards, you should see a list of active directories. In the following example, **Fabrikam Design** is the active directory.
**Figure 16** - Azure first sign-in screen
![Select Azure AD.](images/azure_portal_classic_configure_directory.png)
:::image type="content" alt-text="Select Azure AD." source="images/azure_portal_classic_configure_directory.png":::
2. Select the directory (such as Fabrikam Design) to go to the directory's home page.
**Figure 17** - Directory home page
![Directory home page.](images/azure_portal_classic_directory_ready.png)
:::image type="content" alt-text="Directory home page." source="images/azure_portal_classic_directory_ready.png":::
3. From the menu options on top, select **Groups**.
**Figure 18** - Azure AD groups
![Add groups in Azure AD.](images/azure_portal_classic_groups.png)
:::image type="content" alt-text="Add groups in Azure AD." source="images/azure_portal_classic_groups.png":::
4. Select **Add a group** (from the top) or **Add group** at the bottom.
5. In the **Add Group** window, add a name, group type, and description for the group and click the checkmark to save your changes. The new group will appear on the groups list.
**Figure 19** - Newly added group in Azure AD
![Verify the new group appears on the list.](images/azure_portal_classic_all_users_group.png)
:::image type="content" alt-text="Verify the new group appears on the list." source="images/azure_portal_classic_all_users_group.png":::
6. In the **Groups** tab, select the arrow next to the group (such as **All users**), add members to the group, and then save your changes.
@ -245,34 +246,34 @@ To add Azure AD group(s), we will use the <a href="https://manage.windowsazure.c
**Figure 20** - Members in the new group
![Members added to the new group.](images/azure_portal_classic_members_added.png)
:::image type="content" alt-text="Members added to the new group." source="images/azure_portal_classic_members_added.png":::
7. Repeat steps 2-6 to add other groups. You can add groups based on their roles in your company, based on the apps that each group can use, and so on.
### 1.6 Configure automatic MDM enrollment with Intune
Now that you have Azure AD Premium and have it properly configured, you can configure automatic MDM enrollment with Intune, which allows users to enroll their Windows devices into Intune management, join their devices directly to Azure AD, and get access to Office 365 resources after sign in.
You can read <a href="https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/" target="_blank">this blog post</a> to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough.
You can read the [Windows 10, Azure AD and Microsoft Intune blog post](https://blogs.technet.microsoft.com/enterprisemobility/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/) to learn how you can combine login, Azure AD Join, and Intune MDM enrollment into an easy step so that you can bring your devices into a managed state that complies with the policies for your organization. We will use this blog post as our guide for this part of the walkthrough.
> [!IMPORTANT]
> We will use the classic Azure portal instead of the new portal to configure automatic MDM enrollment with Intune.
**To enable automatic MDM enrollment**
1. In the <a href="https://manage.windowsazure.com/" target="_blank">classic Azure portal</a>, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options.
1. In the Azure portal, click on your company's Azure Active Directory to go back to the main window. Select **Applications** from the list of directory menu options.
The list of applications for your company will appear. **Microsoft Intune** will be one of the applications on the list.
**Figure 21** - List of applications for your company
![List of applications for your company.](images/azure_portal_classic_applications.png)
:::image type="content" alt-text="List of applications for your company." source="images/azure_portal_classic_applications.png":::
2. Select **Microsoft Intune** to configure the application.
3. In the Microsoft Intune configuration page, click **Configure** to start automatic MDM enrollment configuration with Intune.
**Figure 22** - Configure Microsoft Intune in Azure
![Configure Microsoft Intune in Azure.](images/azure_portal_classic_configure_intune_app.png)
:::image type="content" alt-text="Configure Microsoft Intune in Azure." source="images/azure_portal_classic_configure_intune_app.png":::
4. In the Microsoft Intune configuration page:
- In the **Properties** section, you should see a list of URLs for MDM discovery, MDM terms of use, and MDM compliance.
@ -291,66 +292,66 @@ You can read <a href="https://blogs.technet.microsoft.com/enterprisemobility/201
**Figure 23** - Configure Microsoft Intune
![Configure automatic MDM enrollment with Intune.](images/azure_portal_classic_configure_intune_mdm_enrollment.png)
:::image type="content" alt-text="Configure automatic MDM enrollment with Intune." source="images/azure_portal_classic_configure_intune_mdm_enrollment.png":::
### 1.7 Configure Microsoft Store for Business for app distribution
Next, you'll need to configure Microsoft Store for Business to distribute apps with a management tool such as Intune.
In this part of the walkthrough, we'll be working on the <a href="https://manage.microsoft.com/" target="_blank">Microsoft Intune management portal</a> and <a href="https://businessstore.microsoft.com/Store/Apps" target="_blank">Microsoft Store for Business</a>.
In this part of the walkthrough, use the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps).
**To associate your Store account with Intune and configure synchronization**
1. From the <a href="https://manage.microsoft.com/" target="_blank">Microsoft Intune management portal</a>, select **Admin**.
1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. In the **Administration** workspace, click **Mobile Device Management**. If this is the first item you're using the portal, click **manage mobile devices** in the **Mobile Device Management** window. The page will refresh and you'll have new options under **Mobile Device Management**.
**Figure 24** - Mobile device management
![Set up mobile device management in Intune.](images/intune_admin_mdm_configure.png)
:::image type="content" alt-text="Set up mobile device management in Intune." source="images/intune_admin_mdm_configure.png":::
3. Sign into <a href="https://businessstore.microsoft.com/Store/Apps" target="_blank">Microsoft Store for Business</a> using the same tenant account that you used to sign into Intune.
3. Sign into [Microsoft Store for Business](https://businessstore.microsoft.com/Store/Apps) using the same tenant account that you used to sign into Intune.
4. Accept the EULA.
5. In the Store portal, select **Settings > Management tools** to go to the management tools page.
6. In the **Management tools** page, find **Microsoft Intune** on the list and click **Activate** to get Intune ready to use with Microsoft Store for Business.
**Figure 25** - Activate Intune as the Store management tool
![Activate Intune from the Store portal.](images/wsfb_management_tools_activate.png)
:::image type="content" alt-text="Activate Intune from the Store portal." source="images/wsfb_management_tools_activate.png":::
7. Go back to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**.
7. Go back to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management**, expand **Windows**, and then choose **Store for Business**.
8. In the **Microsoft Store for Business** page, select **Configure Sync** to sync your Store for Business volume-purchased apps with Intune.
**Figure 26** - Configure Store for Business sync in Intune
![Configure Store for Business sync in Intune.](images/intune_admin_mdm_store_sync.png)
:::image type="content" alt-text="Configure Store for Business sync in Intune." source="images/intune_admin_mdm_store_sync.png":::
9. In the **Configure Microsoft Store for Business app sync** dialog box, check **Enable Microsoft Store for Business sync**. In the **Language** dropdown list, choose the language in which you want apps from the Store to be displayed in the Intune console and then click **OK**.
**Figure 27** - Enable Microsoft Store for Business sync in Intune
![Enable Store for Business sync in Intune.](images/intune_configure_store_app_sync_dialog.png)
:::image type="content" alt-text="Enable Store for Business sync in Intune." source="images/intune_configure_store_app_sync_dialog.png":::
The **Microsoft Store for Business** page will refresh and it will show the details from the sync.
**To buy apps from the Store**
In your <a href="https://businessstore.microsoft.com/Store/Apps" target="_blank">Microsoft Store for Business</a> portal, you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory:
In your [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), you can see the list of apps that you own by going to **Manage > Inventory**. You should see the following apps in your inventory:
- Sway
- OneNote
- PowerPoint Mobile
- Excel Mobile
- Word Mobile
In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune.
In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps > Volume-Purchased Apps** and verify that you can see the same list of apps appear on Intune.
In the following example, we'll show you how to buy apps through the Microsoft Store for Business and then make sure the apps appear on Intune.
**Example 1 - Add other apps like Reader and InstaNote**
1. In the <a href="https://businessstore.microsoft.com/Store/Apps" target="_blank">Microsoft Store for Business</a> portal, click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list.
1. In the [Microsoft Store for Business portal](https://businessstore.microsoft.com/Store/Apps), click **Shop**, scroll down to the **Made by Microsoft** category, and click **Show all** to see all the Microsoft apps in the list.
**Figure 28** - Shop for Store apps
![Shop for Store apps.](images/wsfb_shop_microsoft_apps.png)
:::image type="content" alt-text="Shop for Store apps." source="images/wsfb_shop_microsoft_apps.png":::
2. Click to select an app, such as **Reader**. This opens the app page.
3. In the app's Store page, click **Get the app**. You should see a dialog that confirms your order. Click **Close**. This will refresh the app's Store page.
@ -360,7 +361,7 @@ In the following example, we'll show you how to buy apps through the Microsoft S
**Figure 29** - App inventory shows the purchased apps
![Confirm that your inventory shows purchased apps.](images/wsfb_manage_inventory_newapps.png)
:::image type="content" alt-text="Confirm that your inventory shows purchased apps." source="images/wsfb_manage_inventory_newapps.png":::
> [!NOTE]
> Sync happens automatically, but it may take up to 24 hours for your organization's private store and 12 hours for Intune to sync all your purchased apps. You can force a sync to make this process happen faster. For more info, see [To sync recently purchased apps](#forceappsync).
@ -369,18 +370,18 @@ In the following example, we'll show you how to buy apps through the Microsoft S
If you need to sync your most recently purchased apps and have it appear in your catalog, you can do this by forcing a sync.
1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin > Mobile Device Management > Windows > Store for Business**.
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Admin > Mobile Device Management > Windows > Store for Business**.
2. In the **Microsoft Store for Business** page, click **Sync now** to force a sync.
**Figure 30** - Force a sync in Intune
![Force a sync in Intune.](images/intune_admin_mdm_forcesync.png)
:::image type="content" alt-text="Force a sync in Intune." source="images/intune_admin_mdm_forcesync.png":::
**To view purchased apps**
- In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly.
- In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps > Apps** and then choose **Volume-Purchased Apps** to see the list of available apps. Verify that the apps you purchased were imported correctly.
**To add more apps**
- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see <a href="/intune/deploy-use/add-apps-for-mobile-devices-in-microsoft-intune" target="_blank">Add apps for enrolled devices to Intune</a> for more info on how to do this.
- If you have other apps that you want to deploy or manage, you must add it to Microsoft Intune. To deploy Win32 apps and Web links, see [Add apps to Microsoft Intune](/mem/intune/apps/apps-add) for more info on how to do this.
## 2. Set up devices
@ -395,7 +396,7 @@ To set up new Windows devices, go through the Windows initial device setup or fi
**Figure 31** - First screen in Windows device setup
![First screen in Windows device setup.](images/win10_hithere.png)
:::image type="content" alt-text="First screen in Windows device setup." source="images/win10_hithere.png":::
> [!NOTE]
> During setup, if you don't have a Wi-Fi network configured, make sure you connect the device to the Internet through a wired/Ethernet connection.
@ -405,13 +406,13 @@ To set up new Windows devices, go through the Windows initial device setup or fi
**Figure 32** - Choose how you'll connect your Windows device
![Choose how you'll connect the Windows device.](images/win10_choosehowtoconnect.png)
:::image type="content" alt-text="Choose how you'll connect the Windows device." source="images/win10_choosehowtoconnect.png":::
4. In the **Let's get you signed in** screen, sign in using a user account you added in section [1.2 Add users and assign product licenses](#12-add-users-and-assign-product-licenses). We suggest signing in as one of the global administrators. Later, sign in on another device using one of the non-admin accounts.
**Figure 33** - Sign in using one of the accounts you added
![Sign in using one of the accounts you added.](images/win10_signin_admin_account.png)
:::image type="content" alt-text="Sign in using one of the accounts you added." source="images/win10_signin_admin_account.png":::
5. If this is the first time you're signing in, you will be asked to update your password. Update the password and continue with sign-in and setup.
@ -425,16 +426,16 @@ Verify that the device is set up correctly and boots without any issues.
2. Confirm that the Store and built-in apps are working.
### 2.3 Verify the device is Azure AD joined
In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune.
In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), verify that the device is joined to Azure AD and shows up as being managed in Microsoft Intune.
**To verify if the device is joined to Azure AD**
1. Check the device name on your PC. On your Windows PC, select **Settings > System > About** and then check **PC name**.
**Figure 34** - Check the PC name on your device
![Check the PC name on your device.](images/win10_settings_pcname.png)
:::image type="content" alt-text="Check the PC name on your device." source="images/win10_settings_pcname.png":::
2. Log in to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>.
2. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
3. Select **Groups** and then go to **Devices**.
4. In the **All Devices** page, look at the list of devices and select the entry that matches the name of your PC.
- Check that the device name appears in the list. Select the device and it will also show the current logged-in user in the **General Information** section.
@ -443,7 +444,7 @@ In the <a href="https://manage.microsoft.com/" target="_blank">Intune management
**Figure 35** - Check that the device appears in Intune
![Check that the device appears in Intune.](images/intune_groups_devices_list.png)
:::image type="content" alt-text="Check that the device appears in Intune." source="images/intune_groups_devices_list.png":::
## 3. Manage device settings and features
You can use Microsoft Intune admin settings and policies to manage features on your organization's mobile devices and computers. For more info, see [Manage settings and features on your devices with Microsoft Intune policies](/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies).
@ -454,7 +455,7 @@ In this section, we'll show you how to reconfigure app deployment settings and a
In some cases, if an app is missing from the device, you need to reconfigure the deployment settings for the app and set the app to require installation as soon as possible.
**To reconfigure app deployment settings**
1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Apps** and go to **Apps > Volume-Purchased Apps**.
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Apps** and go to **Apps > Volume-Purchased Apps**.
2. Select the app, right-click, then select **Manage Deployment...**.
3. Select the group(s) whose apps will be managed, and then click **Add** to add the group.
4. Click **Next** at the bottom of the app deployment settings window or select **Deployment Action** on the left column to check the deployment settings for the app.
@ -462,7 +463,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the
**Figure 36** - Reconfigure an app's deployment setting in Intune
![Reconfigure app deployment settings in Intune.](images/intune_apps_deploymentaction.png)
:::image type="content" alt-text="Reconfigure app deployment settings in Intune." source="images/intune_apps_deploymentaction.png":::
6. Click **Finish**.
7. Repeat steps 2-6 for other apps that you want to deploy to the device(s) as soon as possible.
@ -472,12 +473,12 @@ In some cases, if an app is missing from the device, you need to reconfigure the
**Figure 37** - Confirm that additional apps were deployed to the device
![Confirm that additional apps were deployed to the device.](images/win10_deploy_apps_immediately.png)
:::image type="content" alt-text="Confirm that additional apps were deployed to the device." source="images/win10_deploy_apps_immediately.png":::
### 3.2 Configure other settings in Intune
**To disable the camera**
1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Policy > Configuration Policies**.
1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices > Configuration Policies**.
2. In the **Policies** window, click **Add** to create a new policy.
3. On the **Create a New Policy** page, click **Windows** to expand the group, select **General Configuration (Windows 10 Desktop and Mobile and later)**, choose **Create and Deploy a Custom Policy**, and then click **Create Policy**.
4. On the **Create Policy** page, select **Device Capabilities**.
@ -488,7 +489,7 @@ In some cases, if an app is missing from the device, you need to reconfigure the
**Figure 38** - Add a configuration policy
![Add a configuration policy.](images/intune_policy_disablecamera.png)
:::image type="content" alt-text="Add a configuration policy." source="images/intune_policy_disablecamera.png":::
7. Click **Save Policy**. A confirmation window will pop up.
8. On the **Deploy Policy** confirmation window, select **Yes** to deploy the policy now.
@ -497,16 +498,16 @@ In some cases, if an app is missing from the device, you need to reconfigure the
**Figure 39** - The new policy should appear in the **Policies** list.
![New policy appears on the list.](images/intune_policies_newpolicy_deployed.png)
:::image type="content" alt-text="New policy appears on the list." source="images/intune_policies_newpolicy_deployed.png":::
**To turn off Windows Hello and PINs during device setup**
1. In the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a>, select **Admin**.
1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
2. Go to **Mobile Device Management > Windows > Windows Hello for Business**.
3. In the **Windows Hello for Business** page, select **Disable Windows Hello for Business on enrolled devices**.
**Figure 40** - Policy to disable Windows Hello for Business
![Disable Windows Hello for Business.](images/intune_policy_disable_windowshello.png)
:::image type="content" alt-text="Disable Windows Hello for Business." source="images/intune_policy_disable_windowshello.png":::
4. Click **Save**.
@ -533,49 +534,49 @@ For other devices, such as those personally-owned by employees who need to conne
**Figure 41** - Add an Azure AD account to the device
![Add an Azure AD account to the device.](images/win10_add_new_user_join_aad.png)
:::image type="content" alt-text="Add an Azure AD account to the device." source="images/win10_add_new_user_join_aad.png":::
4. In the **Let's get you signed in** window, enter the work credentials for the account and then click **Sign in** to authenticate the user.
**Figure 42** - Enter the account details
![Enter the account details.](images/win10_add_new_user_account_aadwork.png)
:::image type="content" alt-text="Enter the account details." source="images/win10_add_new_user_account_aadwork.png":::
5. You will be asked to update the password so enter a new password.
6. Verify the details to make sure you're connecting to the right organization and then click **Join**.
**Figure 43** - Make sure this is your organization
![Make sure this is your organization.](images/win10_confirm_organization_details.png)
:::image type="content" alt-text="Make sure this is your organization." source="images/win10_confirm_organization_details.png":::
7. You will see a confirmation window that says the device is now connected to your organization. Click **Done**.
**Figure 44** - Confirmation that the device is now connected
![Confirmation that the device is now connected.](images/win10_confirm_device_connected_to_org.png)
:::image type="content" alt-text="Confirmation that the device is now connected." source="images/win10_confirm_device_connected_to_org.png":::
8. The **Connect to work or school** window will refresh and will now include an entry that shows you're connected to your organization's Azure AD. This means the device is now registered in Azure AD and enrolled in MDM and the account should have access to the organization's resources.
**Figure 45** - Device is now enrolled in Azure AD
![Device is enrolled in Azure AD.](images/win10_device_enrolled_in_aad.png)
:::image type="content" alt-text="Device is enrolled in Azure AD." source="images/win10_device_enrolled_in_aad.png":::
9. You can confirm that the new device and user are showing up as Intune-managed by going to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
9. You can confirm that the new device and user are showing up as Intune-managed by going to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
### 4.2 Add a new user
You can add new users to your tenant simply by adding them to the Microsoft 365 groups. Adding new users to Microsoft 365 groups automatically adds them to the corresponding groups in Microsoft Intune.
See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and verify that the same users were added to the Intune groups as well.
See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn more. Once you're done adding new users, go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and verify that the same users were added to the Intune groups as well.
## Get more info
### For IT admins
To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links:
- <a href="https://support.office.com/article/Set-up-Office-365-for-business-6a3a29a0-e616-4713-99d1-15eda62d04fa" target="_blank">Set up Office 365 for business</a>
- Common admin tasks in Office 365 including email and OneDrive in <a href="https://support.office.com/article/Common-management-tasks-for-Office-365-46c667f7-5073-47b9-a75f-05a60cf77d91" target="_blank">Manage Office 365</a>
- More info about managing devices, apps, data, troubleshooting, and more in <a href="/intune/" target="_blank">Intune documentation</a>
- [Set up Office 365 for business](/microsoft-365/admin/setup)
- Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/)
- More info about managing devices, apps, data, troubleshooting, and more in the [/mem/intune/](/mem/intune/)
- Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/).
- Info about distributing apps to your employees, managing apps, managing settings, and more in <a href="/microsoft-store/" target="_blank">Microsoft Store for Business</a>
- Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/)
### For information workers
Whether it's in the classroom, getting the most out of your devices, or learning some of the cool things you can do, we've got teachers covered. Follow these links for more info:

5
smb/includes/smb-content-updates.md
View File

@ -2,10 +2,9 @@
## Week of October 25, 2021
## Week of December 13, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 10/28/2021 | [Deploy and manage a full cloud IT solution for your business](/windows/smb/cloud-mode-business-setup) | modified |
| 10/28/2021 | [Windows 10/11 for small to midsize businesses](/windows/smb/index) | modified |
| 12/14/2021 | [Deploy and manage a full cloud IT solution for your business](/windows/smb/cloud-mode-business-setup) | modified |

11
store-for-business/includes/store-for-business-content-updates.md
View File

@ -2,6 +2,17 @@
## Week of December 13, 2021
| Published On |Topic title | Change |
|------|------------|--------|
| 12/13/2021 | [Microsoft Store for Business and Education release history](/microsoft-store/release-history-microsoft-store-business-education) | modified |
| 12/13/2021 | [Change history for Microsoft Store for Business and Education](/microsoft-store/sfb-change-history) | modified |
| 12/14/2021 | [Manage user accounts in Microsoft Store for Business and Microsoft Store for Education (Windows 10)](/microsoft-store/manage-users-and-groups-microsoft-store-for-business) | modified |
| 12/14/2021 | [Troubleshoot Microsoft Store for Business (Windows 10)](/microsoft-store/troubleshoot-microsoft-store-for-business) | modified |
## Week of November 15, 2021

2
store-for-business/manage-users-and-groups-microsoft-store-for-business.md
View File

@ -44,5 +44,5 @@ If you created a new Azure AD directory when you signed up for Store for Busines
You can use the [Office 365 admin dashboard](https://portal.office.com/adminportal) or [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617).
For more information, see:
- [Add user accounts using Office 365 admin dashboard](https://support.office.com/en-us/article/add-users-individually-or-in-bulk-to-office-365-admin-help-1970f7d6-03b5-442f-b385-5880b9c256ec)
- [Add user accounts using Office 365 admin dashboard](/microsoft-365/admin/add-users)
- [Add user accounts using Azure management portal](/azure/active-directory/fundamentals/add-users-azure-active-directory)

4
store-for-business/release-history-microsoft-store-business-education.md
View File

@ -1,6 +1,6 @@
---
title: Whats new in Microsoft Store for Business and Education
description: Learn about newest features in Microsoft Store for Business and Microsoft Store for Education.
title: Microsoft Store for Business and Education release history
description: Know the release history of Microsoft Store for Business and Microsoft Store for Education.
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library

8
store-for-business/sfb-change-history.md
View File

@ -76,6 +76,7 @@ ms.localizationpriority: medium
| --- | --- |
| [Microsoft Store for Business and Education PowerShell module - preview](microsoft-store-for-business-education-powershell-module.md) | New |
| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |
| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education. |
## June 2017
@ -84,10 +85,3 @@ ms.localizationpriority: medium
| [Notifications in Microsoft Store for Business and Education](notifications-microsoft-store-business.md) | New. Information about notification model in Microsoft Store for Business and Education. |
| [Get Minecraft: Education Edition with Windows 10 device promotion](/education/windows/get-minecraft-device-promotion) | New. Information about redeeming Minecraft: Education Edition licenses with qualifying purchases of Windows 10 devices. |
| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |
## July 2017
| New or changed topic | Description |
| -------------------- | ----------- |
| [Manage Windows device deployment with Windows Autopilot Deployment](add-profile-to-devices.md) | New. Information about Windows Autopilot Deployment Program and how it is used in Microsoft Store for Business and Education. |
| [Microsoft Store for Business and Education overview - supported markets](./microsoft-store-for-business-overview.md#supported-markets) | Updates for added market support. |

2
store-for-business/troubleshoot-microsoft-store-for-business.md
View File

@ -56,7 +56,7 @@ The private store for your organization is a page in Microsoft Store app that co
## Troubleshooting Microsoft Store for Business integration with Microsoft Endpoint Configuration Manager
If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](https://support.microsoft.com/help/4010214/understand-and-troubleshoot-microsoft-store-for-business-integration-w).
If you encounter any problems when integrating Microsoft Store for Business with Configuration Manager, use the [troubleshooting guide](/troubleshoot/mem/configmgr/troubleshoot-microsoft-store-for-business-integration).
## Still having trouble?

4
windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
View File

@ -63,7 +63,7 @@ The computer on which you are installing the Office Deployment Tool must have th
| Prerequisite | Description |
|----------------------|--------------------|
| Prerequisite software | .Net Framework 4 |
| Prerequisite software | .NET Framework 4 |
| Supported operating systems | 64-bit version of Windows 10/11<br>64-bit version of Windows 8 or 8.1<br>64-bit version of Windows 7 |
>[!NOTE]
@ -120,7 +120,7 @@ The XML file included in the Office Deployment Tool specifies the product detail
|--------------|----------------------------|----------------|
| Add element | Specifies which products and languages the package will include. | N/A |
| **OfficeClientEdition** (attribute of **Add** element) | Specifies whether Office 2016 32-bit or 64-bit edition will be used. **OfficeClientEdition**  must be set to a valid value for the operation to succeed. | `OfficeClientEdition="32"`<br>`OfficeClientEdition="64"` |
| Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.<br>For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](https://support.microsoft.com/kb/2842297). | `Product ID ="O365ProPlusRetail"`<br>`Product ID ="VisioProRetail"`<br>`Product ID ="ProjectProRetail"` |
| Product element | Specifies the application. Project 2016 and Visio 2016 must be specified here as added products to include them in the applications.<br>For more information about Product IDs, see [Product IDs that are supported by the Office Deployment Tool for Click-to-Run](/office365/troubleshoot/installation). | `Product ID ="O365ProPlusRetail"`<br>`Product ID ="VisioProRetail"`<br>`Product ID ="ProjectProRetail"` |
| Language element | Specifies which language the applications support. | `Language ID="en-us"` |
| Version (attribute of **Add** element) | Optional. Specifies which build the package will use.<br>Defaults to latest advertised build (as defined in v32.CAB at the Office source). | `16.1.2.3` |
| SourcePath (attribute of **Add** element) | Specifies the location the applications will be saved to. | `Sourcepath = "\\Server\Office2016"` |

157
windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
View File

@ -19,90 +19,81 @@ ms.author: greglin
The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10 version 1703 and later
<table border="1">
<thead>
<th>Problem</th>
<th>Workaround</th>
</thead>
<tbody>
<tr>
<td>Unable to manually create a system-owned folder needed for the <code>set-AppVClientConfiguration</code> PowerShell cmdlet when using the <i>PackageInstallationRoot</i>, <i>IntegrationRootUser</i>, or <i>IntegrationRootGlobal</i> parameters.</td>
<td>Don&#39;t create this file manually, instead let the <code>Add-AppVClientPackage</code> cmdlet auto-generate it.</td>
</tr>
<tr>
<td>Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands.</td>
<td>Make sure you have the complete App-V package or the MSI file from the original app.</td>
</tr>
<tr>
<td>Unable to modify the locale for auto-sequencing.</td>
<td>Open the <code>C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml</code> file and include the language code for your locale. For example, if you wanted Spanish (Spain), you&#39;d use: <strong>es-ES</strong>.</td>
</tr>
<tr>
<td>Filetype and protocol handlers aren&#39;t registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the <strong>Settings &gt; Apps&gt; Default Apps</strong> area.</td>
<td>The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the <strong>&lt;appv:Extensions&gt;</strong> tag:
<pre><code>
&lt;appv:Extension Category="AppV.URLProtocol"&gt;
&lt;appv:URLProtocol&gt;
&lt;appv:Name&gt;ftp&lt;/appv:Name&gt;
&lt;appv:ApplicationURLProtocol&gt;
&lt;appv:DefaultIcon&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0&lt;/appv:DefaultIcon&gt;
&lt;appv:ShellCommands&gt;
&lt;appv:DefaultCommand&gt;open&lt;/appv:DefaultCommand&gt;
&lt;appv:ShellCommand&gt;
&lt;appv:ApplicationId&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe&lt;/appv:ApplicationId&gt;
&lt;appv:Name&gt;open&lt;/appv:Name&gt;
&lt;appv:CommandLine&gt;"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"&lt;/appv:CommandLine&gt;
&lt;appv:DdeExec&gt;
&lt;appv:DdeCommand /&gt;
&lt;/appv:DdeExec&gt;
&lt;/appv:ShellCommand&gt;
&lt;/appv:ShellCommands&gt;
&lt;/appv:ApplicationURLProtocol&gt;
&lt;/appv:URLProtocol&gt;
&lt;/appv:Extension&gt;
&lt;appv:Extension Category="AppV.URLProtocol"&gt;
&lt;appv:URLProtocol&gt;
&lt;appv:Name&gt;http&lt;/appv:Name&gt;
&lt;appv:ApplicationURLProtocol&gt;
&lt;appv:DefaultIcon&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0&lt;/appv:DefaultIcon&gt;
&lt;appv:ShellCommands&gt;
&lt;appv:DefaultCommand&gt;open&lt;/appv:DefaultCommand&gt;
&lt;appv:ShellCommand&gt;
&lt;appv:ApplicationId&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe&lt;/appv:ApplicationId&gt;
&lt;appv:Name&gt;open&lt;/appv:Name&gt;
&lt;appv:CommandLine&gt;"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"&lt;/appv:CommandLine&gt;
&lt;appv:DdeExec&gt;
&lt;appv:DdeCommand /&gt;
&lt;/appv:DdeExec&gt;
&lt;/appv:ShellCommand&gt;
&lt;/appv:ShellCommands&gt;
&lt;/appv:ApplicationURLProtocol&gt;
&lt;/appv:URLProtocol&gt;
&lt;/appv:Extension&gt;
&lt;appv:Extension Category="AppV.URLProtocol"&gt;
&lt;appv:URLProtocol&gt;
&lt;appv:Name&gt;https&lt;/appv:Name&gt;
&lt;appv:ApplicationURLProtocol&gt;
&lt;appv:DefaultIcon&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0&lt;/appv:DefaultIcon&gt;
&lt;appv:ShellCommands&gt;
&lt;appv:DefaultCommand&gt;open&lt;/appv:DefaultCommand&gt;
&lt;appv:ShellCommand&gt;
&lt;appv:ApplicationId&gt;[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe&lt;/appv:ApplicationId&gt;
&lt;appv:Name&gt;open&lt;/appv:Name&gt;
&lt;appv:CommandLine&gt;"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"&lt;/appv:CommandLine&gt;
&lt;appv:DdeExec&gt;
&lt;appv:DdeCommand /&gt;
&lt;/appv:DdeExec&gt;
&lt;/appv:ShellCommand&gt;
&lt;/appv:ShellCommands&gt;
&lt;/appv:ApplicationURLProtocol&gt;
&lt;/appv:URLProtocol&gt;
&lt;/appv:Extension&gt;
</code></pre><br/> </td>
</tr>
</tbody>
</table>
- **Problem**: Unable to manually create a system-owned folder needed for the `set-AppVClientConfiguration` PowerShell cmdlet when using the PackageInstallationRoot, IntegrationRootUser, or IntegrationRootGlobal parameters.
**Workaround**: Don't create this file manually, instead let the `Add-AppVClientPackage` cmdlet auto-generate it.
- **Problem**: Failure to update an App-V package from App-V 5.x to the latest in-box version, by using the PowerShell sequencing commands.
**Workaround**: Make sure you have the complete App-V package or the MSI file from the original app.
- **Problem**: Unable to modify the locale for auto-sequencing.
**Workaround**: Open the `C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\AutoSequencer\Unattend_Sequencer_User_Setup_Template.xml` file and include the language code for your locale. For example, if you wanted Spanish (Spain), you'd use: es-ES.
- **Problem**: Filetype and protocol handlers aren't registering properly with the Google Chrome browser, causing you to not see App-V packages as an option for default apps from the Settings > Apps> Default Apps area.
**Workaround**: The recommended workaround is to add the following code to the AppXManifest.xml file, underneath the `<appv:Extensions>` tag:
```xml
<appv:Extension Category="AppV.URLProtocol">
<appv:URLProtocol>
<appv:Name>ftp</appv:Name>
<appv:ApplicationURLProtocol>
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
<appv:ShellCommands>
<appv:DefaultCommand>open</appv:DefaultCommand>
<appv:ShellCommand>
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
<appv:Name>open</appv:Name>
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
<appv:DdeExec>
<appv:DdeCommand />
</appv:DdeExec>
</appv:ShellCommand>
</appv:ShellCommands>
</appv:ApplicationURLProtocol>
</appv:URLProtocol>
</appv:Extension>
<appv:Extension Category="AppV.URLProtocol">
<appv:URLProtocol>
<appv:Name>http</appv:Name>
<appv:ApplicationURLProtocol>
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
<appv:ShellCommands>
<appv:DefaultCommand>open</appv:DefaultCommand>
<appv:ShellCommand>
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
<appv:Name>open</appv:Name>
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
<appv:DdeExec>
<appv:DdeCommand />
</appv:DdeExec>
</appv:ShellCommand>
</appv:ShellCommands>
</appv:ApplicationURLProtocol>
</appv:URLProtocol>
</appv:Extension>
<appv:Extension Category="AppV.URLProtocol">
<appv:URLProtocol>
<appv:Name>https</appv:Name>
<appv:ApplicationURLProtocol>
<appv:DefaultIcon>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe,0</appv:DefaultIcon>
<appv:ShellCommands>
<appv:DefaultCommand>open</appv:DefaultCommand>
<appv:ShellCommand>
<appv:ApplicationId>[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe</appv:ApplicationId>
<appv:Name>open</appv:Name>
<appv:CommandLine>"[{ProgramFilesX86}]\Google\Chrome\Application\chrome.exe" -- "%1"</appv:CommandLine>
<appv:DdeExec>
<appv:DdeCommand />
</appv:DdeExec>
</appv:ShellCommand>
</appv:ShellCommands>
</appv:ApplicationURLProtocol>
</appv:URLProtocol>
</appv:Extension>
```
## Related resources list
For information that can help with troubleshooting App-V for Windows client, see:

46
windows/client-management/advanced-troubleshooting-boot-problems.md
View File

@ -150,49 +150,19 @@ If you receive BCD-related errors, follow these steps:
2. Restart the computer to check whether the problem is fixed.
3. If the problem is not fixed, run the following command:
```console
Bootrec /rebuildbcd
```
4. You might receive one of the following outputs:
```console
Scanning all disks for Windows installations. Please wait, since this may take a while ...
Successfully scanned Windows installations. Total identified Windows installations: 0
The operation completed successfully.
```
```console
Scanning all disks for Windows installations. Please wait, since this may take a while ...
Successfully scanned Windows installations. Total identified Windows installations: 1
D:\Windows
Add installation to boot list? Yes/No/All:
```
If the output shows **windows installation: 0**, run the following commands:
3. If the problem is not fixed, run the following commands:
```console
bcdedit /export c:\bcdbackup
attrib c:\\boot\\bcd -r s -h
attrib c:\boot\bcd -r -s -h
ren c:\\boot\\bcd bcd.old
ren c:\boot\bcd bcd.old
bootrec /rebuildbcd
```
After you run the command, you receive the following output:
```console
Scanning all disks for Windows installations. Please wait, since this may take a while ...
Successfully scanned Windows installations. Total identified Windows installations: 1
{D}:\Windows
Add installation to boot list? Yes/No/All: Y
```
5. Try restarting the system.
4. Restart the system.
### Method 4: Replace Bootmgr
@ -206,7 +176,7 @@ If methods 1, 2 and 3 do not fix the problem, replace the Bootmgr file from driv
attrib -r -s -h
```
3. Run the same **attrib** command on the Windows (system drive):
3. Navigate to the system drive and run the same command:
```console
attrib -r -s -h
@ -231,7 +201,7 @@ If Windows cannot load the system registry hive into memory, you must restore th
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
> [!NOTE]
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start).
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder)
## Kernel Phase
@ -394,7 +364,7 @@ If the dump file shows an error that is related to a driver (for example, window
- To do this, open WinRE, open a command prompt, and then run the following command:
```console
SFC /Scannow /OffBootDir=C:\ /OffWinDir=E:\Windows
SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows
```
For more information, see [Using System File Checker (SFC) To Fix Issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues)
@ -414,4 +384,4 @@ If the dump file shows an error that is related to a driver (for example, window
5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode.
> [!NOTE]
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](https://support.microsoft.com/en-us/help/4509719/the-system-registry-is-no-longer-backed-up-to-the-regback-folder-start).
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).

51
windows/client-management/advanced-troubleshooting-wireless-network-connectivity.md
View File

@ -37,9 +37,8 @@ It is important to understand the different Wi-Fi components involved, their exp
The intention of this troubleshooter is to show how to find a starting point in the verbosity of wireless_dbg ETW and home in on the responsible components that are causing the connection problem.
### Known Issues and fixes
** **
| **OS version** | **Fixed in** |
| OS version | Fixed in |
| --- | --- |
| **Windows 10, version 1803** | [KB4284848](https://support.microsoft.com/help/4284848) |
| **Windows 10, version 1709** | [KB4284822](https://support.microsoft.com/help/4284822) |
@ -54,13 +53,13 @@ Make sure that you install the latest Windows updates, cumulative updates, and r
- [Windows 10 version 1511](https://support.microsoft.com/help/4000824)
- [Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/4009470)
- [Windows Server 2012](https://support.microsoft.com/help/4009471)
- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/40009469)
- [Windows 7 SP1 and Windows Server 2008 R2 SP1](https://support.microsoft.com/help/4009469)
## Data Collection
1. Network Capture with ETW. Enter the following at an elevated command prompt:
```cmd
```console
netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
```
2. Reproduce the issue.
@ -70,12 +69,12 @@ Make sure that you install the latest Windows updates, cumulative updates, and r
- If intermittent connection drops trigger stop command on a script (ping or test network constantly until fail, then netsh trace stop).
3. Stop the trace by entering the following command:
```cmd
```console
netsh trace stop
```
4. To convert the output file to text format:
```cmd
```console
netsh trace convert c:\tmp\wireless.etl
```
@ -105,39 +104,39 @@ The wifi connection state machine has the following states:
Standard wifi connections tend to transition between states such as:
**Connecting**
- Connecting
Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected
Reset --> Ihv_Configuring --> Configuring --> Associating --> Authenticating --> Connected
**Disconnecting**
- Disconnecting
Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset
Connected --> Roaming --> Wait_For_Disconnected --> Disconnected --> Reset
>Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article.
Filtering the ETW trace with the [TextAnalysisTool](https://github.com/TextAnalysisTool/Releases) (TAT) is an easy first step to determine where a failed connection setup is breaking down. A useful [wifi filter file](#wifi-filter-file) is included at the bottom of this article.
Use the **FSM transition** trace filter to see the connection state machine. You can see [an example](#textanalysistool-example) of this filter applied in the TAT at the bottom of this page.
The following is an example of a good connection setup:
<pre>
```console
44676 [2]0F24.1020::2018-09-17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
45473 [1]0F24.1020::2018-09-17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
45597 [3]0F24.1020::2018-09-17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
46085 [2]0F24.17E0::2018-09-17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
47393 [1]0F24.1020::2018-09-17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
49465 [2]0F24.17E0::2018-09-17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Connected
</pre>
```
The following is an example of a failed connection setup:
<pre>
```console
44676 [2]0F24.1020::2018-09-17 10:22:14.658 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Disconnected to State: Reset
45473 [1]0F24.1020::2018-09-17 10:22:14.667 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Reset to State: Ihv_Configuring
45597 [3]0F24.1020::2018-09-17 10:22:14.708 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Ihv_Configuring to State: Configuring
46085 [2]0F24.17E0::2018-09-17 10:22:14.710 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Configuring to State: Associating
47393 [1]0F24.1020::2018-09-17 10:22:14.879 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Associating to State: Authenticating
49465 [2]0F24.17E0::2018-09-17 10:22:14.990 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State: Authenticating to State: Roaming
</pre>
```
By identifying the state at which the connection fails, one can focus more specifically in the trace on logs just prior to the last known good state.
@ -155,7 +154,7 @@ Enable the **FSM transition, SecMgr Transition,** and **AuthMgr Transition** fil
Continuing with the example above, the combined filters look like this:
<pre>
```console
[2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Reset to State: Ihv_Configuring
[2] 0C34.2FF0::08/28/17-13:24:28.693 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
@ -173,7 +172,7 @@ Associating to State: Authenticating
[2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Authenticating to State: Roaming
</pre>
```
> [!NOTE]
> In the next to last line the SecMgr transition is suddenly deactivating:<br>
@ -182,7 +181,7 @@ Authenticating to State: Roaming
Enabling the **Microsoft-Windows-WLAN-AutoConfig** filter will show more detail leading to the DEACTIVATE transition:
<pre>
```console
[3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Associating to State: Authenticating
[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@ -196,7 +195,7 @@ Associating to State: Authenticating
[2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Authenticating to State: Roaming
</pre>
```
The trail backwards reveals a **Port Down** notification:
@ -208,7 +207,7 @@ Below, the MSM is the native wifi stack. These are Windows native wifi drivers w
Enable trace filter for **[Microsoft-Windows-NWifi]:**
<pre>
```console
[3] 0C34.2FE8::08/28/17-13:24:28.902 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Associating to State: Authenticating
[1] 0C34.275C::08/28/17-13:24:28.960 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition START AUTH (3) --> WAIT FOR AUTH SUCCESS (4)
@ -222,12 +221,14 @@ Associating to State: Authenticating
[2] 0C34.2FF0::08/28/17-13:24:29.751 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition WAIT FOR AUTH SUCCESS (7) --> DEACTIVATE (11)
[2] 0C34.2FF0::08/28/17-13:24:29.7512788 [Microsoft-Windows-WLAN-AutoConfig]Port[13] Peer 8A:15:14:B6:25:10 SecMgr Transition DEACTIVATE (11) --> INACTIVE (1)
[2] 0C34.2FF0::08/28/17-13:24:29.7513404 [Microsoft-Windows-WLAN-AutoConfig]FSM Transition from State:
Authenticating to State: Roaming</pre>
Authenticating to State: Roaming
```
In the trace above, we see the line:
<pre>
[0]0000.0000::08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4</pre>
```console
[0]0000.0000::08/28/17-13:24:29.127 [Microsoft-Windows-NWiFi]DisAssoc: 0x8A1514B62510 Reason: 0x4
```
This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disassociate coming from the Access Point (AP), as an indication to deny the connection. This could be due to invalid credentials, connection parameters, loss of signal/roaming, and various other reasons for aborting a connection. The action here would be to examine the reason for the disassociate sent from the indicated AP MAC (8A:15:14:B6:25:10). This would be done by examining internal logging/tracing from the AP.
@ -238,7 +239,7 @@ This is followed by **PHY_STATE_CHANGE** and **PORT_DOWN** events due to a disas
## Example ETW capture
<pre>
```console
C:\tmp>netsh trace start wireless_dbg capture=yes overwrite=yes maxsize=4096 tracefile=c:\tmp\wireless.etl
Trace configuration:
@ -279,7 +280,7 @@ C:\tmp>dir
01/09/2019 02:59 PM 2,786,540 wireless.txt
3 File(s) 10,395,004 bytes
2 Dir(s) 46,648,332,288 bytes free
</pre>
```
## Wifi filter file

2
windows/client-management/change-default-removal-policy-external-storage-media.md
View File

@ -3,7 +3,7 @@ title: Windows 10 default media removal policy
description: In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal."
ms.prod: w10
author: Teresa-Motiv
ms.author: v-tea
ms.author: dougeby
ms.date: 11/25/2020
ms.topic: article
ms.custom:

2
windows/client-management/connect-to-remote-aadj-pc.md
View File

@ -73,7 +73,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
> When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com.
> [!NOTE]
> If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).
> If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in this [support article](/troubleshoot/windows-server/remote/remote-desktop-connection-6-prompts-credentials).
## Supported configurations

2
windows/client-management/determine-appropriate-page-file-size.md
View File

@ -67,7 +67,7 @@ Kernel memory crash dumps require enough page file space or dedicated dump file
Computers that are running Microsoft Windows or Microsoft Windows Server usually must have a page file to support a system crash dump. System administrators now have the option to create a dedicated dump file instead.
A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file.
A dedicated dump file is a page file that is not used for paging. Instead, it is “dedicated” to back a system crash dump file (Memory.dmp) when a system crash occurs. Dedicated dump files can be put on any disk volume that can support a page file. We recommend that you use a dedicated dump file if you want a system crash dump but you do not want a page file. To learn how to create it, see [Overview of memory dump file options for Windows](/troubleshoot/windows-server/performance/memory-dump-file-options).
## System-managed page files

2
windows/client-management/group-policies-for-enterprise-and-education-editions.md
View File

@ -32,7 +32,7 @@ In Windows 10, version 1607, the following Group Policy settings apply only to W
| **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) |
| **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](/windows/configuration/windows-spotlight) |
| **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | In Windows 10, version 1703, this policy setting can be applied to Windows 10 Pro. For more info, see [Manage Windows 10 Start layout options and policies](/windows/configuration/windows-10-start-layout-options-and-policies) |
| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). |
| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application<br><br>User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](/troubleshoot/windows-client/group-policy/cannot-disable-microsoft-store). |
| **Only display the private store within the Microsoft Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app<br><br>User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Microsoft Store app | For more info, see [Manage access to private store](/microsoft-store/manage-access-to-private-store) |
| **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](/windows/configuration/cortana-at-work/cortana-at-work-overview) |

2
windows/client-management/manage-settings-app-with-group-policy.md
View File

@ -26,7 +26,7 @@ To make use of the Settings App group policies on Windows server 2016, install f
>[!Note]
>Each server that you want to manage access to the Settings App must be patched.
If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra).
If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store).
This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app.

2
windows/client-management/mandatory-user-profile.md
View File

@ -42,7 +42,7 @@ The name of the folder in which you store the mandatory profile must use the cor
| Windows 10, versions 1507 and 1511 | N/A | v5 |
| Windows 10, versions 1607, 1703, 1709, 1803, 1809, 1903 and 1909 | Windows Server 2016 and Windows Server 2019 | v6 |
For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198).
For more information, see [Deploy Roaming User Profiles, Appendix B](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles#appendix-b-profile-version-reference-information) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](/troubleshoot/windows-server/user-profiles-and-logon/roaming-user-profiles-versioning).
## Mandatory user profile

16
windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
View File

@ -39,11 +39,11 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a
If you don't have a paid subscription to any Microsoft service, you can purchase an Azure AD premium subscription. Go to the Office 356 portal at https://portal.office.com/, and then sign in using the admin account that you created in Step 4 (for example, user1@contosoltd.onmicrosoftcom).
![login to office 365.](images/azure-ad-add-tenant4.png)
![login to office 365](images/azure-ad-add-tenant4.png)
6. Select **Install software**.
![login to office 365.](images/azure-ad-add-tenant5.png)
![login to office 365 portal](images/azure-ad-add-tenant5.png)
7. In the Microsoft 365 admin center, select **Purchase Services** from the left navigation.
@ -69,27 +69,27 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
1. Sign in to the Microsoft 365 admin center at <https://portal.office.com> using your organization's account.
![register azuread.](images/azure-ad-add-tenant10.png)
![register in azuread.](images/azure-ad-add-tenant10.png)
2. On the **Home** page, select on the Admin tools icon.
![register azuread.](images/azure-ad-add-tenant11.png)
![register in azure-ad.](images/azure-ad-add-tenant11.png)
3. On the **Admin center** page, hover your mouse over the Admin tools icon on the left and then click **Azure AD**. This will take you to the Azure Active Directory sign-up page and brings up your existing Office 365 organization account information.
![register azuread.](images/azure-ad-add-tenant12.png)
![register azuread](images/azure-ad-add-tenant12.png)
4. On the **Sign up** page, make sure to enter a valid phone number and then click **Sign up**.
![register azuread.](images/azure-ad-add-tenant13.png)
![registration in azure-ad](images/azure-ad-add-tenant13.png)
5. It may take a few minutes to process the request.
![register azuread.](images/azure-ad-add-tenant14.png)
![registration in azuread.](images/azure-ad-add-tenant14.png)
6. You will see a welcome page when the process completes.
![register azuread.](images/azure-ad-add-tenant15.png)
![register screen of azuread](images/azure-ad-add-tenant15.png)

2
windows/client-management/mdm/applicationcontrol-csp-ddf.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
author: dansimp
ms.date: 07/10/2019
---

2
windows/client-management/mdm/applicationcontrol-csp.md
View File

@ -6,7 +6,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
author: dansimp
ms.reviewer: jsuther1974
ms.date: 09/10/2020
---

687
windows/client-management/mdm/bitlocker-csp.md
View File

@ -28,7 +28,7 @@ For RequireDeviceEncryption and RequireStorageCardEncryption, the Get operation
The following shows the BitLocker configuration service provider in tree format.
```
```console
./Device/Vendor/MSFT
BitLocker
----RequireStorageCardEncryption
@ -63,85 +63,21 @@ BitLocker
<a href="" id="--device-vendor-msft-bitlocker"></a>**./Device/Vendor/MSFT/BitLocker**
Defines the root node for the BitLocker configuration service provider.
<!--Policy-->
<a href="" id="requirestoragecardencryption"></a>**RequireStorageCardEncryption**
<!--Description-->
Allows the administrator to require storage card encryption on the device. This policy is valid only for a mobile SKU.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
<!--/SupportedSKUs-->
Data type is integer. Sample value for this node to enable this policy: 1. Disabling this policy will not turn off the encryption on the storage card, but the user will no longer be prompted to turn it on.
<!--SupportedValues-->
- 0 (default) Storage cards do not need to be encrypted.
- 1 Require storage cards to be encrypted.
<!--/SupportedValues-->
Disabling this policy will not turn off the encryption on the system card, but the user will no longer be prompted to turn it on.
If you want to disable this policy use the following SyncML:
```xml
<SyncML>
<SyncBody>
<Replace>
<CmdID>$CmdID$</CmdID>
<Item>
<Target>
<LocURI>./Device/Vendor/MSFT/BitLocker/RequireStorageCardEncryption</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>0</Data>
</Item>
</Replace>
</SyncBody>
</SyncML>
```
Data type is integer. Supported operations are Add, Get, Replace, and Delete.
<!--/Policy-->
<!--Policy-->
<a href="" id="requiredeviceencryption"></a>**RequireDeviceEncryption**
<!--Description-->
Allows the administrator to require encryption to be turned on by using BitLocker\Device Encryption.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
</tr>
</table>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
Data type is integer. Sample value for this node to enable this policy: 1.
Supported operations are Add, Get, Replace, and Delete.
@ -193,24 +129,15 @@ If you want to disable this policy, use the following SyncML:
Allows you to set the default encryption method for each of the different drive types: operating system drives, fixed data drives, and removable data drives. Hidden, system, and recovery partitions are skipped from encryption. This setting is a direct mapping to the BitLocker Group Policy "Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)".
<!--/Description-->
<!--SupportedValues-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedValues-->
<!--ADMXMapped-->
ADMX Info:
@ -276,26 +203,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
Allows you to associate unique organizational identifiers to a new drive that is enabled with BitLocker.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -347,26 +263,15 @@ If you disable or do not configure this setting, the identification field is not
Allows users on devices that are compliant with InstantGo or the Microsoft Hardware Security Test Interface (HSTI) to not have a PIN for preboot authentication.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -400,26 +305,15 @@ If this policy is disabled, the options of "Require additional authentication at
Allows users to configure whether or not enhanced startup PINs are used with BitLocker.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -456,26 +350,15 @@ If you disable or do not configure this policy setting, enhanced PINs will not b
Allows you to configure whether standard users are allowed to change BitLocker PIN or password that is used to protect the operating system drive.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -512,26 +395,15 @@ Sample value for this node to disable this policy is:
Allows users to enable authentication options that require user input from the preboot environment, even if the platform indicates a lack of preboot input capability.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -574,26 +446,15 @@ When the Windows Recovery Environment is not enabled and this policy is not enab
Allows you to configure the encryption type that is used by BitLocker.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -633,26 +494,15 @@ For more information about the tool to manage BitLocker, see [Manage-bde](/windo
This setting is a direct mapping to the BitLocker Group Policy "Require additional authentication at startup".
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -741,26 +591,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
This setting is a direct mapping to the BitLocker Group Policy "Configure minimum PIN length for startup".
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -818,26 +657,15 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure pre-bo
(PrebootRecoveryInfo_Name).
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -907,26 +735,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected operating system drives can be recovered" (OSRecoveryUsage_Name).
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -1004,26 +821,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLocker-protected fixed drives can be recovered" ().
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -1110,26 +916,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
This setting is a direct mapping to the BitLocker Group Policy "Deny write access to fixed drives not protected by BitLocker" (FDVDenyWriteAccess_Name).
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -1179,26 +974,15 @@ Data type is string. Supported operations are Add, Get, Replace, and Delete.
Allows you to configure the encryption type on fixed data drives that is used by BitLocker.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -1240,26 +1024,15 @@ For more information about the tool to manage BitLocker, see [Manage-bde](/windo
This setting is a direct mapping to the BitLocker Group Policy "Deny write access to removable drives not protected by BitLocker" (RDVDenyWriteAccess_Name).
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -1320,26 +1093,15 @@ Disabling the policy will let the system choose the default behaviors. If you wa
Allows you to configure the encryption type that is used by BitLocker.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -1375,26 +1137,15 @@ If this policy is disabled or not configured, the BitLocker Setup Wizard asks th
Allows you to control the use of BitLocker on removable data drives.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--ADMXMapped-->
ADMX Info:
@ -1445,26 +1196,15 @@ Allows the admin to disable the warning prompt for other disk encryption on the
> [!Warning]
> When you enable BitLocker on a device with third-party encryption, it may render the device unusable and require you to reinstall Windows.
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--SupportedValues-->
The following list shows the supported values:
@ -1509,26 +1249,15 @@ Allows Admin to enforce "RequireDeviceEncryption" policy for scenarios where pol
If "AllowWarningForOtherDiskEncryption" is not set, or is set to "1", "RequireDeviceEncryption" policy will not try to encrypt drive(s) if a standard user is the current logged on user in the system.
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--SupportedValues-->
The expected values for this policy are:
@ -1564,26 +1293,15 @@ This setting initiates a client-driven recovery password refresh after an OS dri
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
Value type is int. Supported operations are Add, Delete, Get, and Replace.
@ -1619,26 +1337,15 @@ Each server-side recovery key rotation is represented by a request ID. The serve
- RotateRecoveryPasswordsRequestID: Returns request ID of last request processed.
- RotateRecoveryPasswordsRotationStatus: Returns status of last request processed.
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
Value type is string. Supported operation is Execute. Request ID is expected as a parameter.
@ -1664,26 +1371,15 @@ Interior node. Supported operation is Get.
This node reports compliance state of device encryption on the system.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
<!--SupportedValues-->
@ -1732,26 +1428,15 @@ Status code can be one of the following:
- 0 - Pass
- Any other code - Failure HRESULT
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
</tr>
</table>
<!--/SupportedSKUs-->
Value type is int. Supported operation is Get.
@ -1767,26 +1452,14 @@ This node reports the RequestID corresponding to RotateRecoveryPasswordsStatus.
This node needs to be queried in synchronization with RotateRecoveryPasswordsStatus to ensure the status is correctly matched to the request ID.
<!--/Description-->
<!--SupportedSKUs-->
<table>
<tr>
<th>Home</th>
<th>Pro</th>
<th>Business</th>
<th>Enterprise</th>
<th>Education</th>
<th>Mobile</th>
</tr>
<tr>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/checkmark.png" alt="check mark" /></td>
<td><img src="images/crossmark.png" alt="cross mark" /></td>
</tr>
</table>
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->

2
windows/client-management/mdm/browserfavorite-csp.md
View File

@ -9,7 +9,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
ms.date: 06/26/2017
ms.date: 10/25/2021
---
# BrowserFavorite CSP

972
windows/client-management/mdm/change-history-for-mdm-documentation.md
View File

File diff suppressed because one or more lines are too long

2
windows/client-management/mdm/cleanpc-csp.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/cleanpc-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/clientcertificateinstall-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 07/30/2021
---

2
windows/client-management/mdm/clientcertificateinstall-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/cm-cellularentries-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 08/02/2017
---

2
windows/client-management/mdm/cmpolicy-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/cmpolicyenterprise-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

651
windows/client-management/mdm/configuration-service-provider-reference.md
View File

File diff suppressed because it is too large Load Diff

2
windows/client-management/mdm/customdeviceui-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/customdeviceui-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

21
windows/client-management/mdm/data-structures-windows-store-for-business.md
View File

@ -1,17 +1,17 @@
---
title: Data structures for Microsoft Store for Business
description: Learn about the various data structures for Microsoft Store for Business.
MS-HAID:
- 'p\_phdevicemgmt.business\_store\_data\_structures'
- 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business'
ms.assetid: ABE44EC8-CBE5-4775-BA8A-4564CB73531B
ms.reviewer:
manager: dansimp
description: Learn about data structures for Microsoft Store for Business.
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 09/18/2017
---
@ -105,7 +105,7 @@ Specifies the properties of the alternate identifier.
|lastModified|dateTime|Specifies the last modified date for an application. Modifications for an application include updated product details, updates to an application, and updates to the quantity of an application.|
|licenseType|[LicenseType](#licensetype)|Indicates whether the set of seats for a given application supports online or offline licensing.|
|distributionPolicy|[InventoryDistributionPolicy](#inventorydistributionpolicy)||
|Status|[InventoryStatus](#inventorystatus)||
|status|[InventoryStatus](#inventorystatus)||
## InventoryResultSet
@ -191,20 +191,19 @@ Specifies the properties of the localized product.
|packageFamilyName|String||
|supportedPlatforms|Collection of [ProductPlatform](#productplatform)||
## ProductImage
Specifies the properties of the product image.
|Name|Type|Description|
|--- |--- |--- |
|Location|URI|Location of the download image.|
|Purpose|String|Tag for the purpose of the image, for example "screenshot" or "logo".|
|Height|String|Height of the image in pixels.|
|Width|String|Width of the image in pixels.|
|Caption|String|Unlimited length.|
|backgroundColor|String|Format "#RRGGBB"|
|foregroundColor|String|Format "#RRGGBB"|
|location|URI|Location of the download image.|
|purpose|string|Tag for the image, for example "screenshot" or "logo".|
|height|string|Height of the image in pixels.|
|width|string|Width of the image in pixels.|
|caption|string|Unlimited length.|
|backgroundColor|string|Format "#RRGGBB"|
|foregroundColor|string|Format "#RRGGBB"|
|fileSize|integer-64|Size of the file.|
## ProductKey

2
windows/client-management/mdm/defender-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.localizationpriority: medium
ms.date: 07/23/2021
---

8
windows/client-management/mdm/devdetail-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 03/27/2020
---
@ -77,7 +77,7 @@ For Windows 10 for desktop editions (Home, Pro, Enterprise, and Education), it r
Supported operation is Get.
<a href="" id="swv"></a>**SwV**
Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the desktop and mobile build number on the phone. In the future, the build numbers may converge.
Required. Returns the Windows 10 OS software version in the format MajorVersion.MinorVersion.BuildNumber.QFEnumber. Currently the BuildNumber returns the build number on the client device. In the future, the build numbers may converge.
Supported operation is Get.
@ -114,6 +114,8 @@ Supported operation is Get.
This value is the largest number of characters that the device can support in a single URI segment. The default value zero (0) indicates that the device supports URI segment of unlimited length.
<!-- 12.15.2021 (mandia): Based on the description, I'm assuming this ID is specific to Windows 10 Mobile. Commented out as Windows 10 Mobile is past EoL.
<a href="" id="ext-microsoft-mobileid"></a>**Ext/Microsoft/MobileID**
Required. Returns the mobile device ID associated with the cellular network. Returns 404 for devices that don't have a cellular network support.
@ -121,6 +123,8 @@ Supported operation is Get.
The IMSI value is returned for GSM and UMTS networks. CDMA and worldwide phones will return a 404 Not Found status code error if queried for this element.
-->
<a href="" id="ext-microsoft-radioswv"></a>**Ext/Microsoft/RadioSwV**
Required. Returns the radio stack software version number.

2
windows/client-management/mdm/devdetail-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/03/2020
---

2
windows/client-management/mdm/developersetup-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2018
---

2
windows/client-management/mdm/developersetup-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/device-update-management.md
View File

@ -9,7 +9,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 11/15/2017
ms.collection: highpri
---

8
windows/client-management/mdm/devicelock-csp.md
View File

@ -8,12 +8,15 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---
# DeviceLock CSP
This policy is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead.
<!-- 12.16.2021 mandia: Commenting out, as this CSP is specific to Windows Phone 8.1.
The DeviceLock configuration service provider is used by the enterprise management server to configure device lock related policies. This configuration service provider is supported by an enterprise management server.
@ -304,7 +307,10 @@ All node values under the **ProviderID** interior node represent the policy valu
The value applied to the device can be queried via the nodes under the **DeviceValue** interior node.
-->
## Related articles
[Policy CSP](policy-configuration-service-provider.md)
[Configuration service provider reference](configuration-service-provider-reference.md)

17
windows/client-management/mdm/devicelock-ddf-file.md
View File

@ -8,12 +8,15 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---
# DeviceLock DDF file
This policy is deprecated. Use [Policy CSP](policy-configuration-service-provider.md) instead.
<!-- 12.16.2021 mandia: Commenting out, as this CSP is specific to Windows Phone 8.1.
This topic shows the OMA DM device description framework (DDF) for the **DeviceLock** configuration service provider. DDF files are used only with OMA DM provisioning XML.
@ -496,18 +499,10 @@ This topic shows the OMA DM device description framework (DDF) for the **DeviceL
</Node>
</MgmtTree>
```
-->
## Related topics
[Policy CSP](policy-configuration-service-provider.md)
[DeviceLock configuration service provider](devicelock-csp.md)
 
 

2
windows/client-management/mdm/devicemanageability-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 11/01/2017
---

2
windows/client-management/mdm/devicemanageability-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/devicestatus-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/25/2021
---

2
windows/client-management/mdm/devicestatus-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 03/12/2018
---

2
windows/client-management/mdm/devinfo-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/devinfo-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

8
windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/25/2018
ms.collection: highpri
---
@ -36,12 +36,12 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
You can also collect the MDM Diagnostic Information logs using the following command:
```xml
mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -cab c:\users\public\documents\MDMDiagReport.cab
mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -zip c:\users\public\documents\MDMDiagReport.zip
```
- In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
### Understanding cab structure
The cab file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the cab files collected via command line or Feedback Hub
### Understanding zip structure
The zip file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
- DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
- DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)

12
windows/client-management/mdm/diagnosticlog-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 11/19/2019
---
@ -246,7 +246,15 @@ la--- 1/4/2021 2:45 PM 1
la--- 1/4/2021 2:45 PM 2
la--- 12/2/2020 6:27 PM 2701 results.xml
```
Each data gathering directive from the original `Collection` XML corresponds to a folder in the output. For example, if the first directive was <RegistryKey HRESULT="0">HKLM\Software\Policies</RegistryKey> then folder `1` will contain the corresponding `export.reg` file.
Each data gathering directive from the original `Collection` XML corresponds to a folder in the output.
For example, the first directive was:
```xml
<Collection HRESULT="0">
<RegistryKey HRESULT="0">HKLM\Software\Policies</RegistryKey>
</Collection>
```
then folder `1` will contain the corresponding `export.reg` file.
The `results.xml` file is the authoritative map to the output. It includes a status code for each directive. The order of the directives in the file corresponds to the order of the output folders. Using `results.xml` the administrator can see what data was gathered, what failures may have occurred, and which folders contain which output. For example, the following `results.xml` content indicates that registry export of HKLM\Software\Policies was successful and the data can be found in folder `1`. It also indicates that `netsh.exe wlan show profiles` command failed.

2
windows/client-management/mdm/diagnosticlog-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
View File

@ -11,7 +11,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/dmacc-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/dmacc-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/dmclient-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 11/01/2017
---

2
windows/client-management/mdm/dmclient-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/dmprocessconfigxmlfiltered.md
View File

@ -18,7 +18,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/dmsessionactions-csp.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/dmsessionactions-ddf.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/dynamicmanagement-csp.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/dynamicmanagement-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/eap-configuration.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/email2-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/email2-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

2
windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.localizationpriority: medium
ms.date: 11/01/2017
ms.reviewer:

54
windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
View File

@ -6,7 +6,7 @@ ms.topic: article
ms.prod: w10
ms.technology: windows
author: dansimp
ms.date: 10/14/2021
ms.date: 01/03/2022
ms.reviewer:
manager: dansimp
ms.collection: highpri
@ -14,6 +14,10 @@ ms.collection: highpri
# Enroll a Windows 10 device automatically using Group Policy
**Applies to:**
- Windows 10
Starting in Windows 10, version 1709, you can use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
The enrollment into Intune is triggered by a group policy created on your local AD and happens without any user interaction. This means you can automatically mass-enroll a large number of domain-joined corporate devices into Microsoft Intune. The enrollment process starts in the background once you sign in to the device with your Azure AD account.
@ -45,11 +49,12 @@ For this policy to work, you must verify that the MDM service provider allows th
## Verify auto-enrollment requirements and settings
To ensure that the auto-enrollment feature is working as expected, you must verify that various requirements and settings are configured correctly.
The following steps demonstrate required settings using the Intune service:
1. Verify that the user who is going to enroll the device has a valid Intune license.
![Intune license verification.](images/auto-enrollment-intune-license-verification.png)
1. Verify that the user who is going to enroll the device has a valid Endpoint Protection Manager license.
2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Intune. For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
:::image type="content" alt-text="Intune license verification." source="images/auto-enrollment-intune-license-verification.png" lightbox="images/auto-enrollment-intune-license-verification.png":::
2. Verify that auto-enrollment is activated for those users who are going to enroll the devices into Mobile Device Management (MDM). For additional details, see [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](./azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md).
![Auto-enrollment activation verification.](images/auto-enrollment-activation-verification.png)
@ -79,7 +84,7 @@ The following steps demonstrate required settings using the Intune service:
6. Some tenants might have both **Microsoft Intune** and **Microsoft Intune Enrollment** under **Mobility**. Make sure that your auto-enrollment settings are configured under **Microsoft Intune** instead of **Microsoft Intune Enrollment**.
![Mobility setting MDM intune.](images/auto-enrollment-microsoft-intune-setting.png)
:::image type="content" alt-text="Mobility setting MDM intune." source="images/auto-enrollment-microsoft-intune-setting.png" lightbox="images/auto-enrollment-microsoft-intune-setting.png":::
7. Verify that the *Enable Automatic MDM enrollment using default Azure AD credentials* group policy (**Local Group Policy Editor > Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is properly deployed to all devices which should be enrolled into Intune.
You may contact your domain administrators to verify if the group policy has been deployed successfully.
@ -88,7 +93,7 @@ You may contact your domain administrators to verify if the group policy has bee
9. Verify that Microsoft Intune should allow enrollment of Windows devices.
![Enrollment of Windows devices.](images/auto-enrollment-enrollment-of-windows-devices.png)
:::image type="content" alt-text="Enrollment of Windows devices." source="images/auto-enrollment-enrollment-of-windows-devices.png" lightbox="images/auto-enrollment-enrollment-of-windows-devices.png":::
## Configure the auto-enrollment Group Policy for a single PC
@ -109,12 +114,11 @@ Requirements:
3. In **Local Computer Policy**, click **Administrative Templates** > **Windows Components** > **MDM**.
> [!div class="mx-imgBorder"]
> ![MDM policies.](images/autoenrollment-mdm-policies.png)
:::image type="content" alt-text="MDM policies." source="images/autoenrollment-mdm-policies.png" lightbox="images/autoenrollment-mdm-policies.png":::
4. Double-click **Enable automatic MDM enrollment using default Azure AD credentials** (previously called **Auto MDM Enrollment with AAD Token** in Windows 10, version 1709). For ADMX files in Windows 10, version 1903 and later, select **User Credential** as the Selected Credential Type to use.
![MDM autoenrollment policy.](images/autoenrollment-policy.png)
:::image type="content" alt-text="MDM autoenrollment policy." source="images/autoenrollment-policy.png" lightbox="images/autoenrollment-policy.png":::
5. Click **Enable**, and select **User Credential** from the dropdown **Select Credential Type to Use**, then click **OK**.
@ -155,7 +159,7 @@ Requirements:
3. In **Task Scheduler Library**, open **Microsoft > Windows** , then click **EnterpriseMgmt**.
![Auto-enrollment scheduled task.](images/autoenrollment-scheduled-task.png)
:::image type="content" alt-text="Auto-enrollment scheduled task." source="images/autoenrollment-scheduled-task.png" lightbox="images/autoenrollment-scheduled-task.png":::
To see the result of the task, move the scroll bar to the right to see the **Last Run Result**. Note that **0x80180026** is a failure message (MENROLL\_E_DEVICE\_MANAGEMENT_BLOCKED). You can see the logs in the **History** tab.
@ -191,6 +195,9 @@ Requirements:
- 21H1 --> [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
- 21H2 --> [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)](https://www.microsoft.com/download/103667)
2. Install the package on the Domain Controller.
3. Navigate, depending on the version to the folder:
@ -209,11 +216,13 @@ Requirements:
- 21H1 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 May 2021 Update (21H1)**
- 21H2 --> **C:\Program Files (x86)\Microsoft Group Policy\Windows 10 November 2021 Update (21H2)**
4. Rename the extracted Policy Definitions folder to **PolicyDefinitions**.
5. Copy PolicyDefinitions folder to **\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions**.
5. Copy PolicyDefinitions folder to **\\SYSVOL\contoso.com\policies\PolicyDefinitions**.
If this folder does not exist, then be aware that you will be switching to a [central policy store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) for your entire domain.
If this folder does not exist, then be aware that you will be switching to a [central policy store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) for your entire domain.
6. Wait for the SYSVOL DFSR replication to be completed for the policy to be available.
@ -240,21 +249,21 @@ To collect Event Viewer logs:
3. Search for event ID 75, which represents a successful auto-enrollment. Here is an example screenshot that shows the auto-enrollment completed successfully:
![Event ID 75.](images/auto-enrollment-troubleshooting-event-id-75.png)
:::image type="content" alt-text="Event ID 75." source="images/auto-enrollment-troubleshooting-event-id-75.png" lightbox="images/auto-enrollment-troubleshooting-event-id-75.png":::
If you cannot find event ID 75 in the logs, it indicates that the auto-enrollment failed. This can happen because of the following reasons:
- The enrollment failed with error. In this case, search for event ID 76, which represents failed auto-enrollment. Here is an example screenshot that shows that the auto-enrollment failed:
![Event ID 76.](images/auto-enrollment-troubleshooting-event-id-76.png)
:::image type="content" alt-text="Event ID 76." source="images/auto-enrollment-troubleshooting-event-id-76.png" lightbox="images/auto-enrollment-troubleshooting-event-id-76.png":::
To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](https://support.microsoft.com/en-ph/help/4469913/troubleshooting-windows-device-enrollment-problems-in-microsoft-intune) for more information.
To troubleshoot, check the error code that appears in the event. See [Troubleshooting Windows device enrollment problems in Microsoft Intune](/troubleshoot/mem/intune/troubleshoot-windows-enrollment-errors) for more information.
- The auto-enrollment did not trigger at all. In this case, you will not find either event ID 75 or event ID 76. To know the reason, you must understand the internal mechanisms happening on the device as described in the following section.
The auto-enrollment process is triggered by a task (**Microsoft > Windows > EnterpriseMgmt**) within the task-scheduler. This task appears if the *Enable automatic MDM enrollment using default Azure AD credentials* group policy (**Computer Configuration > Policies > Administrative Templates > Windows Components > MDM**) is successfully deployed to the target machine as shown in the following screenshot:
![Task scheduler.](images/auto-enrollment-task-scheduler.png)
:::image type="content" alt-text="Task scheduler." source="images/auto-enrollment-task-scheduler.png" lightbox="images/auto-enrollment-task-scheduler.png":::
> [!Note]
> This task isn't visible to standard users - run Scheduled Tasks with administrative credentials to find the task.
@ -263,24 +272,24 @@ To collect Event Viewer logs:
**Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational**.
Look for an entry where the task scheduler created by enrollment client for automatically enrolling in MDM from AAD is triggered by event ID 107.
![Event ID 107.](images/auto-enrollment-event-id-107.png)
:::image type="content" alt-text="Event ID 107." source="images/auto-enrollment-event-id-107.png" lightbox="images/auto-enrollment-event-id-107.png":::
When the task is completed, a new event ID 102 is logged.
![Event ID 102.](images/auto-enrollment-event-id-102.png)
:::image type="content" alt-text="Event ID 102." source="images/auto-enrollment-event-id-102.png" lightbox="images/auto-enrollment-event-id-102.png":::
Note that the task scheduler log displays event ID 102 (task completed) regardless of the auto-enrollment success or failure. This means that the task scheduler log is only useful to confirm if the auto-enrollment task is triggered or not. It does not indicate the success or failure of auto-enrollment.
If you cannot see from the log that task Schedule created by enrollment client for automatically enrolling in MDM from AAD is initiated, there is possibly issue with the group policy. Immediately run the command `gpupdate /force` in command prompt to get the GPO applied. If this still does not help, further troubleshooting on the Active Directory is required.
One frequently seen error is related to some outdated enrollment entries in the registry on the target client device (**HKLM > Software > Microsoft > Enrollments**). If a device has been enrolled (can be any MDM solution and not only Intune), some enrollment information added into the registry is seen:
![Outdated enrollment entries.](images/auto-enrollment-outdated-enrollment-entries.png)
:::image type="content" alt-text="Outdated enrollment entries." source="images/auto-enrollment-outdated-enrollment-entries.png" lightbox="images/auto-enrollment-outdated-enrollment-entries.png":::
By default, these entries are removed when the device is un-enrolled, but occasionally the registry key remains even after un-enrollment. In this case, `gpupdate /force` fails to initiate the auto-enrollment task and error code 2149056522 is displayed in the **Applications and Services Logs > Microsoft > Windows > Task Scheduler > Operational** event log file under event ID 7016.
A resolution to this issue is to remove the registry key manually. If you do not know which registry key to remove, go for the key which displays most entries as the screenshot above. All other keys will display fewer entries as shown in the following screenshot:
![Manually deleted entries.](images/auto-enrollment-activation-verification-less-entries.png)
:::image type="content" alt-text="Manually deleted entries." source="images/auto-enrollment-activation-verification-less-entries.png" lightbox="images/auto-enrollment-activation-verification-less-entries.png":::
### Related topics
@ -289,13 +298,14 @@ To collect Event Viewer logs:
- [Link a Group Policy Object](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732979(v=ws.11))
- [Filter Using Security Groups](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc752992(v=ws.11))
- [Enforce a Group Policy Object Link](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753909(v=ws.11))
- [Group Policy Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra)
- [Getting started with Cloud Native Windows Endpoints](https://docs.microsoft.com/mem/cloud-native-windows-endpoints)
- [Group Policy Central Store](/troubleshoot/windows-client/group-policy/create-and-manage-central-store)
- [Getting started with Cloud Native Windows Endpoints](/mem/cloud-native-windows-endpoints)
- [A Framework for Windows endpoint management transformation](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/a-framework-for-windows-endpoint-management-transformation/ba-p/2460684)
- [Success with remote Windows Autopilot and Hybrid Azure Active Director join](https://techcommunity.microsoft.com/t5/intune-customer-success/success-with-remote-windows-autopilot-and-hybrid-azure-active/ba-p/2749353)
### Useful Links
- [Windows 10 Administrative Templates for Windows 10 November 2021 Update 21H2](https://www.microsoft.com/download/103667)
- [Windows 10 Administrative Templates for Windows 10 May 2021 Update 21H1](https://www.microsoft.com/download/details.aspx?id=103124)
- [Windows 10 Administrative Templates for Windows 10 November 2019 Update 1909](https://www.microsoft.com/download/details.aspx?id=100591)
- [Windows 10 Administrative Templates for Windows 10 May 2019 Update 1903](https://www.microsoft.com/download/details.aspx?id=58495)

2
windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
author: dansimp
ms.date: 05/17/2019
---

2
windows/client-management/mdm/enrollmentstatustracking-csp.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: ManikaDhiman
author: dansimp
ms.date: 05/21/2019
---

2
windows/client-management/mdm/enterpriseapn-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 09/22/2017
---

2
windows/client-management/mdm/enterpriseapn-ddf.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---

5
windows/client-management/mdm/enterpriseappmanagement-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---
@ -18,8 +18,7 @@ ms.date: 06/26/2017
The EnterpriseAppManagement enterprise configuration service provider is used to handle enterprise application management tasks such as installing an enterprise application token, the first auto-downloadable app link, querying installed enterprise applications (name and version), auto updating already installed enterprise applications, and removing all installed enterprise apps (including the enterprise app token) during unenrollment.
> [!NOTE]
> The EnterpriseAppManagement CSP is only supported in Windows 10 Mobile.
> The EnterpriseAppManagement CSP is only supported in Windows 10 IoT Core.
The following shows the EnterpriseAppManagement configuration service provider in tree format.

2
windows/client-management/mdm/enterpriseappvmanagement-csp.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
ms.reviewer:
manager: dansimp

2
windows/client-management/mdm/enterpriseappvmanagement-ddf.md
View File

@ -5,7 +5,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
ms.reviewer:
manager: dansimp

1116
windows/client-management/mdm/enterpriseassignedaccess-csp.md
View File

File diff suppressed because it is too large Load Diff

328
windows/client-management/mdm/enterpriseassignedaccess-ddf.md
View File

@ -1,328 +0,0 @@
---
title: EnterpriseAssignedAccess DDF
description: Utilize the OMA DM device description framework (DDF) for the EnterpriseAssignedAccess configuration service provider.
ms.assetid: 8BD6FB05-E643-4695-99A2-633995884B37
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/05/2017
---
# EnterpriseAssignedAccess DDF
This topic shows the OMA DM device description framework (DDF) for the **EnterpriseAssignedAccess** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>EnterpriseAssignedAccess</NodeName>
<Path>./Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>com.microsoft/1.1/MDM/EnterpriseAssignedAccess</MIME>
</DFType>
</DFProperties>
<Node>
<NodeName>AssignedAccess</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>AssignedAccessXml</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>LockScreenWallpaper</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>BGFileName</NodeName>
<DFProperties>
<AccessType>
<Add />
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Theme</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>ThemeBackground</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ThemeAccentColorID</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>ThemeAccentColorValue</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Clock</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>TimeZone</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Locale</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Language</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```
 
 

270
windows/client-management/mdm/enterpriseassignedaccess-xsd.md
View File

@ -1,270 +0,0 @@
---
title: EnterpriseAssignedAccess XSD
description: This XSD can be used to validate that the lockdown XML in the \<Data\> block of the AssignedAccessXML node.
ms.assetid: BB3B633E-E361-4B95-9D4A-CE6E08D67ADA
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# EnterpriseAssignedAccess XSD
This XSD can be used to validate that the lockdown XML in the \<Data\> block of the AssignedAccessXML node.
```xml
<?xml version="1.0" encoding="utf-16LE" ?>
<!--
In-memory format is Little Endian and
hence the encoding of this file has to be little endian
to be in the native format. Make sure that this file's
encoding is Unicode-16 LE (Unicode Codepage 1200)
-->
<xs:schema
xmlns:xs="http://www.w3.org/2001/XMLSchema"
elementFormDefault="qualified"
>
<!-- COMPLEX TYPE: ROLE LIST TYPE -->
<xs:complexType name="role_list_t">
<xs:sequence minOccurs="1" maxOccurs="1">
<xs:element name="Role" type="role_t" minOccurs="1" maxOccurs="unbounded"/>
</xs:sequence>
</xs:complexType>
<!-- COMPLEX TYPE: START SCREEN SIZE TYPE -->
<xs:simpleType name="startscreen_size_t">
<xs:restriction base="xs:string">
<!-- Small: 4 columns-->
<xs:enumeration value="Small"/>
<!-- Large: 6 columns-->
<xs:enumeration value="Large"/>
</xs:restriction>
</xs:simpleType>
<!-- COMPLEX TYPE: APPLICATION LIST TYPE -->
<xs:complexType name="application_list_t">
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="Application" type="application_t" minOccurs="0" maxOccurs="unbounded" >
<xs:key name="productIdOrfolderId">
<xs:selector xpath="."/>
<xs:field xpath="@productId|@folderId"/>
</xs:key>
</xs:element>
</xs:sequence>
</xs:complexType>
<!-- COMPLEX TYPE: BUTTON LIST TYPE -->
<xs:complexType name="button_list_t">
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="Button" minOccurs="0" maxOccurs="unbounded" type="button_t">
<xs:unique name="ButtonEventUnique">
<xs:selector xpath="ButtonEvent" />
<xs:field xpath="@name" />
</xs:unique>
</xs:element>
</xs:sequence>
</xs:complexType>
<!-- COMPLEX TYPE: MENU ITEM LIST TYPE -->
<xs:complexType name="menu_item_list_t">
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="DisableMenuItems" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<!-- COMPLEX TYPE: START SCREEN TILE MANIPULATION TYPE -->
<xs:complexType name="tile_manipulation_t">
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="EnableTileManipulation" minOccurs="0" maxOccurs="1"/>
</xs:sequence>
</xs:complexType>
<!-- COMPLEX TYPE: DEFAULT TYPE -->
<xs:complexType name="default_basic_t">
<xs:sequence minOccurs="1">
<xs:element name="ActionCenter" type="actioncenter_t" minOccurs="1"/>
<xs:element name="WLANSSID" type="wlanssid_t" minOccurs="0"/>
<xs:element name="Apps" type="application_list_t" minOccurs="1">
<xs:unique name="duplicateAppsForbidden">
<xs:selector xpath="Application"/>
<xs:field xpath="@productId"/>
<xs:field xpath="@aumid"/>
</xs:unique>
</xs:element>
<xs:element name="Buttons" minOccurs="1">
<xs:complexType>
<xs:all>
<xs:element name="ButtonLockdownList" type="button_list_t" minOccurs="0">
<xs:unique name="ButtonLockdownUnique">
<xs:selector xpath="Button" />
<xs:field xpath="@name" />
</xs:unique>
</xs:element>
<xs:element name="ButtonRemapList" type="button_list_t" minOccurs="0">
<xs:unique name="ButtonRemapUnique">
<xs:selector xpath="Button" />
<xs:field xpath="@name" />
</xs:unique>
</xs:element>
</xs:all>
</xs:complexType>
</xs:element>
<xs:element name="CSPRunner" minOccurs="0"/>
<xs:element name="MenuItems" type="menu_item_list_t" minOccurs="1"/>
<xs:element name="Settings" minOccurs="1">
<xs:complexType>
<xs:sequence>
<xs:element name="System" type="setting_t" minOccurs="0" maxOccurs="unbounded" />
<xs:element name="Application" type="setting_t" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
</xs:complexType>
</xs:element>
<xs:element name="Tiles" type="tile_manipulation_t" minOccurs="0" ></xs:element>
</xs:sequence>
</xs:complexType>
<!-- COMPLEX TYPE: ROLE TYPE -->
<xs:complexType name="role_t">
<xs:complexContent>
<xs:extension base="default_basic_t">
<xs:attribute name="guid" type="guid_t" use="required"/>
<xs:attribute name="name" type="xs:string" use="required"/>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- COMPLEX TYPE: DEFAULT ROLE TYPE -->
<xs:complexType name="default_role_t">
<xs:complexContent>
<xs:extension base="default_basic_t">
<xs:sequence minOccurs="1">
<xs:element name="StartScreenSize" type="startscreen_size_t" minOccurs="1"/>
</xs:sequence>
</xs:extension>
</xs:complexContent>
</xs:complexType>
<!-- COMPLEX TYPE: Action Center -->
<xs:complexType name="actioncenter_t">
<xs:attribute type="xs:boolean" name="enabled" use="required"/>
<xs:attribute type="xs:integer" name="actionCenterNotificationEnabled" use="optional"/>
<xs:attribute type="xs:integer" name="aboveLockToastEnabled" use="optional"/>
</xs:complexType>
<!-- COMPLEX TYPE: APPLICATION TYPE -->
<xs:complexType name="application_t">
<xs:all minOccurs="0">
<xs:element name="PinToStart" type="start_tile_t" />
</xs:all>
<xs:attribute name="productId" type="guid_t"/>
<xs:attribute name="aumid" type="xs:string" use="optional"/>
<xs:attribute name="folderName" type="xs:string" use="optional"/>
<xs:attribute name="folderId" type="xs:integer"/>
<xs:attribute name="parameters" type="xs:string" use="optional"/>
<xs:attribute name="autoRun" type="xs:boolean" use="optional"/>
</xs:complexType>
<!-- COMPLEX TYPE: START SCREEN TILE CONFIGURATION TYPE-->
<xs:complexType name="start_tile_t">
<xs:all minOccurs="1" maxOccurs="1">
<xs:element name="Size" type="tile_size_t" minOccurs="1" />
<xs:element name="Location" type="tile_location_t" minOccurs="1" />
<xs:element name="ParentFolderId" type="xs:unsignedLong" minOccurs="0" maxOccurs="1" />
</xs:all>
</xs:complexType>
<!-- COMPLEX TYPE: SETTING TYPE -->
<xs:complexType name="setting_t">
<xs:attribute name="name" type="xs:string" use="required"/>
</xs:complexType>
<!-- COMPLEX TYPE: BUTTON TYPE -->
<xs:complexType name="button_t">
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="ButtonEvent" type="button_event_t" minOccurs="0" maxOccurs="unbounded" />
</xs:sequence>
<xs:attribute name="name" type="supported_button_t" use="required"/>
</xs:complexType>
<!-- COMPLEX TYPE: BUTTON EVENT TYPE -->
<xs:complexType name="button_event_t">
<xs:all minOccurs="0" maxOccurs="1">
<xs:element name="Application" type="application_t" minOccurs="0" maxOccurs="1" >
<xs:key name="productIdOnly">
<xs:selector xpath="."/>
<xs:field xpath="@productId"/>
</xs:key>
</xs:element>
</xs:all>
<xs:attribute name="name" type="supported_button_event_t" use="required"/>
</xs:complexType>
<!--COMPLEX TYPE: START TILE TYPE-->
<xs:complexType name="tile_location_t">
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="LocationX" type="xs:unsignedLong"/>
<xs:element name="LocationY" type="xs:unsignedLong"/>
</xs:sequence>
</xs:complexType>
<!-- SIMPLE TYPE: SUPPORTED BUTTON TYPE -->
<xs:simpleType name="supported_button_t">
<xs:restriction base="xs:string">
<xs:enumeration value="Back"/>
<xs:enumeration value="Start"/>
<xs:enumeration value="Search"/>
<xs:enumeration value="Camera"/>
<xs:enumeration value="Custom1"/>
<xs:enumeration value="Custom2"/>
<xs:enumeration value="Custom3"/>
</xs:restriction>
</xs:simpleType>
<!-- SIMPLE TYPE: SUPPORTED BUTTON EVENT TYPE -->
<xs:simpleType name="supported_button_event_t">
<xs:restriction base="xs:string">
<xs:enumeration value="All"/>
<xs:enumeration value="Press"/>
<xs:enumeration value="PressAndHold"/>
</xs:restriction>
</xs:simpleType>
<!-- SIMPLE TYPE: GUID -->
<xs:simpleType name="guid_t">
<xs:restriction base="xs:string">
<xs:pattern value="\{[0-9a-fA-F]{8}\-([0-9a-fA-F]{4}\-){3}[0-9a-fA-F]{12}\}"/>
</xs:restriction>
</xs:simpleType>
<!--SIMPLE TYPE: TILE SIZE-->
<xs:simpleType name="tile_size_t">
<xs:restriction base="xs:string">
<xs:enumeration value="Small"/>
<xs:enumeration value="Medium"/>
<xs:enumeration value="Large"/>
</xs:restriction>
</xs:simpleType>
<!-- COMPLEX TYPE: WLANSSID -->
<xs:complexType name="wlanssid_t">
<xs:sequence minOccurs="0" maxOccurs="1">
<xs:element name="Data" type="xs:string"/>
<xs:element name="Exclusive" type="xs:boolean"/>
</xs:sequence>
</xs:complexType>
<!-- SCHEMA -->
<xs:element name="HandheldLockdown">
<xs:complexType>
<xs:all minOccurs="1">
<xs:element name="Default" type="default_role_t"/>
<xs:element name="RoleList" type="role_list_t" minOccurs="0">
<xs:unique name="duplicateRolesForbidden">
<xs:selector xpath="Role"/>
<xs:field xpath="@guid"/>
</xs:unique>
</xs:element>
</xs:all>
<xs:attribute name="version" use="required" type="xs:decimal"/>
</xs:complexType>
</xs:element>
</xs:schema>
```
 
 

25
windows/client-management/mdm/enterprisedataprotection-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 08/09/2017
---
@ -38,7 +38,6 @@ EnterpriseDataProtection
--------EDPEnforcementLevel
--------EnterpriseProtectedDomainNames
--------AllowUserDecryption
--------RequireProtectionUnderLockConfig
--------DataRecoveryCertificate
--------RevokeOnUnenroll
--------RMSTemplateIDForEDP
@ -95,24 +94,6 @@ The following list shows the supported values:
Most restricted value is 0.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<a href="" id="settings-requireprotectionunderlockconfig"></a>**Settings/RequireProtectionUnderLockConfig**
Specifies whether the protection under lock feature (also known as encrypt under pin) should be configured. A PIN must be configured on the device before you can apply this policy.
The following list shows the supported values:
- 0 (default) Not required.
- 1 Required.
Most restricted value is 1.
The CSP checks the current edition and hardware support (TPM), and returns an error message if the device does not have the required hardware.
> [!Note]
> This setting is only supported in Windows 10 Mobile.
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<a href="" id="settings-datarecoverycertificate"></a>**Settings/DataRecoveryCertificate**
@ -250,7 +231,7 @@ For EFSCertificate KeyTag, it is expected to be a DER ENCODED binary certificate
Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate.
<a href="" id="settings-revokeonunenroll"></a>**Settings/RevokeOnUnenroll**
This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don&#39;t revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. Prior to sending the unenroll command, when you want a device to do a selective wipe when it is unenrolled, then you should explicitly set this policy to 1.
This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after unenrollment. If the keys are not revoked, there will be no revoked file cleanup subsequently. Prior to sending the unenroll command, when you want a device to do a selective wipe when it is unenrolled, then you should explicitly set this policy to 1.
The following list shows the supported values:
@ -260,7 +241,7 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<a href="" id="settings-revokeonmdmhandoff"></a>**Settings/RevokeOnMDMHandoff**
Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don&#39;t revoke keys), the keys will not be revoked and the user will continue to have access to protected files after upgrade. This is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys will not be revoked and the user will continue to have access to protected files after upgrade. This is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
- 0 - Don't revoke keys
- 1 (default) - Revoke keys

25
windows/client-management/mdm/enterprisedataprotection-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 12/05/2017
---
@ -141,29 +141,6 @@ The XML below is the current version for this CSP.
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>RequireProtectionUnderLockConfig</NodeName>
<DFProperties>
<AccessType>
<Get />
<Add />
<Delete />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DataRecoveryCertificate</NodeName>
<DFProperties>

2
windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 07/11/2017
---

2
windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

2
windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
View File

@ -8,7 +8,7 @@ ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
author: dansimp
ms.date: 06/26/2017
---

386
windows/client-management/mdm/enterpriseext-csp.md
View File

@ -1,386 +0,0 @@
---
title: EnterpriseExt CSP
description: Learn how the EnterpriseExt CSP allows OEMs to set their own unique ID for their devices, set display brightness values, and set the LED behavior.
ms.assetid: ACA5CD79-BBD5-4DD1-86DA-0285B93982BD
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# EnterpriseExt CSP
The EnterpriseExt configuration service provider allows OEMs to set their own unique ID for their devices, set display brightness values, and set the LED behavior.
> **Note**   The EnterpriseExt CSP is only supported in Windows 10 Mobile.
 
The following shows the EnterpriseExt configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning.
```
./Vendor/MSFT
EnterpriseExt
----DeviceCustomData
--------CustomID
--------CustomString
----Brightness
--------Default
--------MaxAuto
----LedAlertNotification
--------State
--------Intensity
--------Period
--------DutyCycle
--------Cyclecount
```
The following list shows the characteristics and parameters.
<a href="" id="--vendor-msft-enterpriseext"></a>**./Vendor/MSFT/EnterpriseExt**
The root node for the EnterpriseExt configuration service provider. Supported operations is Get.
<a href="" id="devicecustomdata"></a>**DeviceCustomData**
Node for setting the custom device ID and string.
<a href="" id="devicecustomdata-customid"></a>**DeviceCustomData/CustomID**
Any string value as the device ID. This value appears in **Settings** > **About** > **Info**.
Here's an example for getting custom data.
```xml
<?xml version="1.0"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Get>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/DeviceCustomData/CustomID</LocURI>
</Target>
</Item>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/DeviceCustomData/CustomString</LocURI>
</Target>
</Item>
</Get>
<Final/>
</SyncBody>
</SyncML>
```
<a href="" id="devicecustomdata-customstring"></a>**DeviceCustomData/CustomString**
Any string value that is associated with the device.
Here's an example for setting custom data.
```xml
<?xml version="1.0"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>1</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/DeviceCustomData/CustomID</LocURI>
</Target>
<Data>urn:uuid:130CCE0D-0187-5866-855A-DE7406F76046</Data>
</Item>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/DeviceCustomData/CustomString</LocURI>
</Target>
<Data>{"firstName":"John","lastName":"Doe"}</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
<a href="" id="brightness"></a>**Brightness**
Node for setting device brightness values.
<a href="" id="brightness-default"></a>**Brightness/Default**
Default display brightness value. For example, you can maximize battery life by reducing the default value or set it to medium in a facility that is generally darker.
The valid values are:
- Automatic - the device determines the brightness
- Low
- Medium
- High
The supported operations are Get and Replace.
Here's an example for getting the current default value.
```xml
<?xml version="1.0"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Get>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/Brightness/Default</LocURI>
</Target>
</Item>
</Get>
<Final/>
</SyncBody>
</SyncML>
```
Here's an example for setting the default value to medium.
```xml
<?xml version="1.0"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/Brightness/Default</LocURI>
</Target>
<Data>medium</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
<a href="" id="brightness-maxauto"></a>**Brightness/MaxAuto**
Maximum display brightness value when the device is set to automatic mode. The device brightness will never be higher than the MaxAuto value. The value values are:
- Low
- Medium
- High
The supported operations are Get and Replace.
Here's an example for setting the maximum auto-brightness to medium.
```xml
<?xml version="1.0"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/Brightness/MaxAuto</LocURI>
</Target>
<Data>medium</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
<a href="" id="ledalertnotification"></a>**LedAlertNotification**
Node for setting LED behavior of the device.
<a href="" id="ledalertnotification-state"></a>**LedAlertNotification/State**
LED state. The valid values are:
- 0 - off
- 1 - on
- 2 - blink
Example: LED On
```xml
<?xml version="1.0"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/LedAlertNotification/Intensity</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>100</Data>
</Item>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/LedAlertNotification/State</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>1</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
Example: LED Off
```xml
<?xml version="1.0"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/LedAlertNotification/State</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>0</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
<a href="" id="ledalertnotification-intensity"></a>**LedAlertNotification/Intensity**
Intensity of the LED brightness. You can set the value between 1 - 100.
Example: LED blink
```xml
<?xml version="1.0"?>
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
<CmdID>3</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/LedAlertNotification/Period</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>500</Data>
</Item>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/LedAlertNotification/Dutycycle</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>70</Data>
</Item>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/LedAlertNotification/Intensity</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>100</Data>
</Item>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/LedAlertNotification/Cyclecount</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>543210</Data>
</Item>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExt/LedAlertNotification/State</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">int</Format>
</Meta>
<Data>2</Data>
</Item>
</Replace>
<Final/>
</SyncBody>
</SyncML>
```
<a href="" id="ledalertnotification-period"></a>**LedAlertNotification/Period**
Duration of each blink, which is the time of ON + OFF. The value is in milliseconds. This is valid only for blink.
<a href="" id="ledalertnotification-dutycycle"></a>**LedAlertNotification/DutyCycle**
LED ON duration during one blink cycle. You can set the value between 1 - 100. This is valid only for blink.
<a href="" id="ledalertnotification-cyclecount"></a>**LedAlertNotification/Cyclecount**
Number of blink cycles. The data type is a 4-byte signed integer. Any negative value or zero results in an error. This node is only valid for blink.
<a href="" id="devicereboot"></a>**DeviceReboot**
Removed in Windows 10.
<a href="" id="devicereboot-waittime"></a>**DeviceReboot/WaitTime**
Removed in Windows 10.
<a href="" id="maintenancewindow"></a>**MaintenanceWindow**
Removed in Windows 10.
<a href="" id="maintenancewindow-maintenanceallowed"></a>**MaintenanceWindow/MaintenanceAllowed**
Removed in Windows 10.
<a href="" id="maintenancewindow-mwmandatory"></a>**MaintenanceWindow/MWMandatory**
Removed in Windows 10.
<a href="" id="maintenancewindow-schedulexml"></a>**MaintenanceWindow/ScheduleXML**
Removed in Windows 10.
<a href="" id="maintenancewindow-mwnotificationduration"></a>**MaintenanceWindow/MWNotificationDuration**
Removed in Windows 10.
<a href="" id="maintenancewindow-mwminimumduration"></a>**MaintenanceWindow/MWminimumDuration**
Removed in Windows 10.
<a href="" id="deviceupdate"></a>**DeviceUpdate**
Removed in Windows 10.
<a href="" id="deviceupdate-datetimestamp"></a>**DeviceUpdate/DateTimeStamp**
Removed in Windows 10.
<a href="" id="deviceupdate-updateresultxml"></a>**DeviceUpdate/UpdateResultXml**
Removed in Windows 10.
<a href="" id="mdm"></a>**MDM**
Removed in Windows 10.
<a href="" id="mdm-server"></a>**MDM/Server**
Removed in Windows 10.
<a href="" id="mdm-username"></a>**MDM/Username**
Removed in Windows 10.
<a href="" id="mdm-password"></a>**MDM/Password**
Removed in Windows 10.
<a href="" id="mdm-enabledeviceenrollment"></a>**MDM/EnableDeviceEnrollment**
Removed in Windows 10.
<a href="" id="pfx"></a>**Pfx**
Removed in Windows 10.
<a href="" id="disableenterprisevalidation"></a>**DisableEnterpriseValidation**
Removed in Windows 10.
 
 
10/10/2016

320
windows/client-management/mdm/enterpriseext-ddf.md
View File

@ -1,320 +0,0 @@
---
title: EnterpriseExt DDF
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseExt configuration service provider (CSP).
ms.assetid: 71BF81D4-FBEC-4B03-BF99-F7A5EDD4F91B
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/05/2017
---
# EnterpriseExt DDF
This topic shows the OMA DM device description framework (DDF) for the **EnterpriseExt** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>EnterpriseExt</NodeName>
<Path>./Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>DeviceCustomData</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>CustomID</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>CustomString</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>Brightness</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Default</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>MaxAuto</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>LedAlertNotification</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
<Add />
<Delete />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>State</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Intensity</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Period</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>DutyCycle</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Cyclecount</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<int />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```
 
 

140
windows/client-management/mdm/enterpriseextfilessystem-csp.md
View File

@ -1,140 +0,0 @@
---
title: EnterpriseExtFileSystem CSP
description: Add, retrieve, or change files through the Mobile Device Management (MDM) service using the EnterpriseExtFileSystem CSP.
ms.assetid: F773AD72-A800-481A-A9E2-899BA56F4426
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 06/26/2017
---
# EnterpriseExtFileSystem CSP
The EnterpriseExtFileSystem configuration service provider (CSP) allows IT administrators to add, retrieve, or change files in the file system through the Mobile Device Management (MDM) service. For example, you can use this configuration service provider to push a provisioning XML file or a new lock screen background image file to a device through the MDM service, and also retrieve logs from the device in the enterprise environment.
> **Note**  The EnterpriseExtFileSystem CSP is only supported in Windows 10 Mobile.
File contents are embedded directly into the syncML message, so there is a limit to the size of the file that can be retrieved from the device. The default limit is 0x100000 (1 MB). You can configure this limit by using the following registry key: **Software\\Microsoft\\Provisioning\\CSPs\\.\\Vendor\\MSFT\\EnterpriseExtFileSystem\\MaxFileReadSize**.
The following shows the EnterpriseExtFileSystem configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM).
```
./Vendor/MSFT
EnterpriseExtFileSystem
----Persistent
--------Files_abc1
--------Directory_abc2
----NonPersistent
--------Files_abc3
--------Directory_abc4
----OemProfile
--------Directory_abc5
--------Files_abc6
```
The following list describes the characteristics and parameters.
<a href="" id="--vendor-msft-enterpriseextfilesystem"></a>**./Vendor/MSFT/EnterpriseExtFileSystem**
<p>The root node for the EnterpriseExtFileSystem configuration service provider. Supported operations are Add and Get.</p>
<a href="" id="persistent"></a>**Persistent**
<p>The EnterpriseExtFileSystem CSP allows an enterprise to read, write, delete and list files in this folder. When an app writes data to the Persistent folder, it accesses that data from the EnterpriseExtFileSystem\Persistent node. Files written to the Persistent folder persists over ordinary power cycles.</p>
> **Important**  There is a limit to the amount of data that can be persisted, which varies depending on how much disk space is available on one of the partitions. This data cap amount (that can be persisted) varies by manufacturer.
>
>
>
> **Note**   When the IT admin triggers a **doWipePersistProvisionedData** action using [RemoteWipe CSP](remotewipe-csp.md), items stored in the Persistent folder are persisted over wipe and restored when the device boots again. The contents are not persisted if a **doWipe** action is triggered.
<a href="" id="nonpersistent"></a>**NonPersistent**
<p>The EnterpriseExtFileSystem CSP allows an enterprise to read, write, delete and list files in this folder. When an app writes data to the Non-Persistent folder, it accesses that data from the EnterpriseExtFileSystem\NonPersistent node. Files written to the NonPersistent folder will persist over ordinary power cycles.</p>
<p>When the device is wiped, any data stored in the NonPersistent folder is deleted.</p>
<a href="" id="oemprofile"></a>**OemProfile**
<p>Added in Windows 10, version 1511. The EnterpriseExtFileSystem CSP allows an enterprise to deploy an OEM profile on the device, such as a barcode scanner profile then can be consumed by the OEM barcode scanner driver. The file is placed into the \data\shareddata\oem\public\profile\ folder of the device.</p>
<a href="" id="directory"></a>***Directory***
<p>The name of a directory in the device file system. Any <em>Directory</em> node can have directories and files as child nodes.</p>
<p>Use the Add command to create a new directory. You cannot use it to add a new directory under a file system root.</p>
<p>Use the Get command to return the list of child node names under <em>Directory</em>.</p>
<p>Use the Get command with ?List=Struct to recursively return all child node names, including subdirectory names, under <em>Directory</em>.</p>
<a href="" id="filename"></a>***Filename***
<p>The name of a file in the device file system.</p>
Supported operations is Get.
## OMA DM examples
The following example shows how to retrieve a file from the device.
```xml
<Get>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExtFileSystem/Persistent/file.txt</LocURI>
</Target>
</Item>
</Get>
```
The following example shows the file name that is returned in the body of the response syncML code. In this example, the full path of the file on the device is C:/data/test/bin/filename.txt.
```xml
<Results>
<CmdID>3</CmdID>
<MsgRef>1</MsgRef>
<CmdRef>2</CmdRef>
<Item>
<Source>
<LocURI>./Vendor/MSFT/EnterpriseExtFileSystem/Persistent/filename.txt</LocURI>
</Source>
<Meta>
<Format xmlns="syncml:metinf">b64</Format>
<Type xmlns="syncml:metinf">application/octet-stream</Type>
</Meta>
<Data>aGVsbG8gd29ybGQ=</Data>
</Item>
</Results>
```
The following example shows how to push a file to the device.
```xml
<Add>
<CmdID>2</CmdID>
<Item>
<Target>
<LocURI>./Vendor/MSFT/EnterpriseExtFileSystem/Persistent/new.txt</LocURI>
</Target>
<Meta>
<Format xmlns="syncml:metinf">b64</Format>
<Type xmlns="syncml:metinf">application/octet-stream</Type>
</Meta>
<Data>aGVsbG8gd29ybGQ=</Data>
</Item>
</Add>
```

273
windows/client-management/mdm/enterpriseextfilesystem-ddf.md
View File

@ -1,273 +0,0 @@
---
title: EnterpriseExtFileSystem DDF
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseExtFileSystem configuration service provider (CSP).
ms.assetid: 2D292E4B-15EE-4AEB-8884-6FEE8B92D2D1
ms.reviewer:
manager: dansimp
ms.author: dansimp
ms.topic: article
ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.date: 12/05/2017
---
# EnterpriseExtFileSystem DDF
This topic shows the OMA DM device description framework (DDF) for the **EnterpriseExtFileSystem** configuration service provider. DDF files are used only with OMA DM provisioning XML.
Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download).
```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN"
"http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"
[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
<MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
<VerDTD>1.2</VerDTD>
<Node>
<NodeName>EnterpriseExtFileSystem</NodeName>
<Path>./Vendor/MSFT</Path>
<DFProperties>
<AccessType>
<Get />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Persistent</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Files_abc1</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DFFormat>
<b64 />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Files</DFTitle>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Directory_abc2</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Directory</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>NonPersistent</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Files_abc3</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Files</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Directory_abc4</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Directory</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
<Node>
<NodeName>OemProfile</NodeName>
<DFProperties>
<AccessType>
<Get />
<Replace />
</AccessType>
<DFFormat>
<node />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Permanent />
</Scope>
<DFType>
<DDFName></DDFName>
</DFType>
</DFProperties>
<Node>
<NodeName>Directory_abc5</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Directory</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node>
<NodeName>Files_abc6</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<DFFormat>
<chr />
</DFFormat>
<Occurrence>
<One />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFTitle>Files</DFTitle>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
</Node>
</Node>
</MgmtTree>
```
## Related topics
[EnterpriseExtFileSystem configuration service provider](enterpriseextfilessystem-csp.md)
 
 

26
windows/client-management/mdm/enterprisemodernappmanagement-csp.md
View File

@ -20,7 +20,8 @@ The EnterpriseModernAppManagement configuration service provider (CSP) is used f
> Windows Holographic only supports per-user configuration of the EnterpriseModernAppManagement CSP.
The following shows the EnterpriseModernAppManagement configuration service provider in tree format.
```
```console
./Vendor/MSFT
EnterpriseModernAppManagement
----AppManagement
@ -68,7 +69,7 @@ EnterpriseModernAppManagement
For user context, use **./User/Vendor/MSFT** path and for device context, use **./Device/Vendor/MSFT** path.
> [!Note]
> Windows Holographic and Windows 10 Mobile only support per-user configuration of the EnterpriseModernAppManagement CSP.
> Windows Holographic only supports per-user configuration of the EnterpriseModernAppManagement CSP.
<a href="" id="appmanagement"></a>**AppManagement**
Required. Used for inventory and app management (post-install).
@ -120,7 +121,7 @@ Query parameters:
- Bundle - returns installed bundle packages.
- Framework - returns installed framework packages.
- Resource - returns installed resources packages. Resources are either language, scale, or DirectX resources. They are parts of a bundle.
- XAP - returns XAP package types. This filter is not supported on devices other than Windows Mobile.
- XAP - returns XAP package types. This filter is only supported on Windows Mobile.
- All - returns all package types.
If no value is specified, the combination of Main, Bundle, and Framework are returned.
@ -451,7 +452,8 @@ Valid values:
**Examples:**
Add an app to the nonremovable app policy list
```
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Add>
@ -472,7 +474,8 @@ Add an app to the nonremovable app policy list
```
Get the status for a particular app
```
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Get>
@ -491,7 +494,8 @@ Get the status for a particular app
Replace an app in the nonremovable app policy list
Data 0 = app is not in the app policy list
Data 1 = app is in the app policy list
```
```xml
<SyncML xmlns="SYNCML:SYNCML1.2">
<SyncBody>
<Replace>
@ -678,13 +682,3 @@ Subsequent query for a specific app for its properties.
## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md)

Some files were not shown because too many files have changed in this diff Show More