From ccb8b6b269b7b0ee316d3740a764ad59629ab715 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 28 Mar 2022 15:37:46 +0530 Subject: [PATCH 01/16] Updated --- windows/client-management/mdm/accountmanagement-csp.md | 9 +++++++++ windows/client-management/mdm/accounts-csp.md | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md index 5f2a7ff230..254aa5b416 100644 --- a/windows/client-management/mdm/accountmanagement-csp.md +++ b/windows/client-management/mdm/accountmanagement-csp.md @@ -32,6 +32,15 @@ AccountManagement --------ProfileInactivityThreshold ``` +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No| +|Business|No|No| +|Enterprise|No|No| +|Education|No|No| + + **./Vendor/MSFT/AccountManagement** Root node for the AccountManagement configuration service provider. diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 1269c2797e..18d425c0f2 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -30,6 +30,15 @@ Accounts ------------LocalUserGroup ``` +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|No|No| +|Business|No|No| +|Enterprise|No|No| +|Education|No|No| + + **./Device/Vendor/MSFT/Accounts** Root node. From 205bbef7b88134e93f31cf71d5b95bd72dbea002 Mon Sep 17 00:00:00 2001 
From: Nimisha Satapathy Date: Tue, 29 Mar 2022 00:23:03 +0530 Subject: [PATCH 02/16] Updated --- .../client-management/mdm/bitlocker-csp.md | 1 - .../mdm/cmpolicyenterprise-csp.md | 24 +++---- .../mdm/customdeviceui-csp.md | 9 ++- windows/client-management/mdm/defender-csp.md | 67 +++++++++++-------- .../client-management/mdm/devdetail-csp.md | 17 +++-- .../mdm/developersetup-csp.md | 8 +++ windows/client-management/mdm/supl-csp.md | 18 ++--- .../client-management/mdm/surfacehub-csp.md | 6 +- 8 files changed, 91 insertions(+), 59 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 6b83e9c150..95233b9ad6 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md @@ -69,7 +69,6 @@ Defines the root node for the BitLocker configuration service provider. Allows the administrator to require encryption to be turned on by using BitLocker\Device Encryption. - |Edition|Windows 10|Windows 11| |--- |--- |--- | |Home|No|No| diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index d843207762..d2cf286284 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md 
@@ -14,19 +14,24 @@ ms.date: 06/26/2017 # CMPolicyEnterprise CSP +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|No|No| +|Education|Yes|Yes| The CMPolicyEnterprise configuration service provider is used by the enterprise to define rules that the Connection Manager uses to identify the correct connection for a connection request. > [!NOTE] > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. - - -Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies +ach policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies **Policy Ordering**: There is no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence. -**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN. +**Default Policies**: Policies are applied in the order of their scope with the most specific policies considered before the more general policies. 
The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available WiFi network first and then any available APN. The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management. @@ -75,7 +80,7 @@ Specifies whether the list of connections is in preference order. A value of "0" specifies that the connections are not listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. **Conn***XXX* -Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". +Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three-digits, which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". **ConnectionID** Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter. 
@@ -90,10 +95,9 @@ For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. Th |CDMA|{274AD55A-4A70-4E35-93B3-AE2D2E6727FC}| |Legacy 3GPP|{6DE4C04B-B74E-47FA-99E5-8F2097C06A92}| |LTE|{2378E547-8312-46A5-905E-5C581E92693B}| -|Wi-Fi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}| -|Wi-Fi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}| +|WiFi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}| +|WiFi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}| - For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available: @@ -136,7 +140,6 @@ Specifies the type of connection being referenced. The following list describes ## OMA client provisioning examples - Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider. ```xml @@ -230,7 +233,6 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C ## OMA DM examples - Adding an application-based mapping policy: ```xml @@ -367,7 +369,6 @@ Adding a host-based mapping policy: ## Microsoft Custom Elements - |Element|Available| |--- |--- | |parm-query|Yes| @@ -376,7 +377,6 @@ Adding a host-based mapping policy: ## Related topics - [Configuration service provider reference](configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 7a4eb3b5e1..e59eb1a383 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md 
@@ -14,6 +14,14 @@ ms.date: 06/26/2017 # CustomDeviceUI CSP +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|No|No| +|Education|Yes|Yes| + The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported. The following shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. @@ -42,7 +50,6 @@ Package Full Name of the App that needs be launched in the background. This can ## SyncML examples - **Set StartupAppID** ```xml diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 6f404d4e29..041986e816 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -15,6 +15,15 @@ ms.date: 10/04/2021 # Defender CSP +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + > [!WARNING] > Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. @@ -177,7 +186,7 @@ The following table describes the supported values: | 48 | Policy | | 49 | EUS (Enterprise Unwanted Software)| | 50 | Ransomware | -| 51 | ASR Rule | +| 51 | Azure Site Recovery Rule | Supported operation is Get. 
@@ -255,9 +264,9 @@ Supported operation is Get. The Network Protection Service is a network filter that helps to protect you against web-based malicious threats, including phishing and malware. The Network Protection service contacts the SmartScreen URL reputation service to validate the safety of connections to web resources. The acceptable values for this parameter are: -- 0: Disabled. The Network Protection service will not block navigation to malicious websites, or contact the SmartScreen URL reputation service. It will still send connection metadata to the antimalware engine if behavior monitoring is enabled, to enhance AV Detections. +- 0: Disabled. The Network Protection service won't block navigation to malicious websites, or contact the SmartScreen URL reputation service. It will still send connection metadata to the antimalware engine if behavior monitoring is enabled, to enhance AV Detections. - 1: Enabled. The Network Protection service will block connections to malicious websites based on URL Reputation from the SmartScreen URL reputation service. -- 2: AuditMode. As above, but the Network Protection service will not block connections to malicious websites, but will instead log the access to the event log. +- 2: AuditMode. As above, but the Network Protection service won't block connections to malicious websites, but will instead log the access to the event log. Accepted values: Disabled, Enabled, and AuditMode Position: Named 
@@ -276,7 +285,7 @@ By default, network protection is not allowed to be enabled on Windows versions **EnableNetworkProtection/AllowNetworkProtectionOnWinServer** -By default, network protection is not allowed to be enabled on Windows Server, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode. +By default, network protection isn't allowed to be enabled on Windows Server, regardless of the setting of the EnableNetworkProtection configuration. Set this configuration to "$true" to override that behavior and allow Network Protection to be set to Enabled or Audit Mode. - Type: Boolean - Position: Named @@ -585,11 +594,11 @@ An interior node to group Windows Defender configuration information. Supported operation is Get. **Configuration/TamperProtection** -Tamper protection helps protect important security features from unwanted changes and interference. This includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions. +Tamper protection helps protect important security features from unwanted changes and interference. This includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions. Send off blob to device to reset tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune. -The data type is a Signed blob. +The data type is a Signed BLOB. Supported operations are Add, Delete, Get, Replace. 
@@ -603,7 +612,7 @@ When enabled or disabled exists on the client and admin moves the setting to not **Configuration/DisableLocalAdminMerge**
This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusions. -If you disable or do not configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, management settings will override preference settings. +If you disable or don't configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, management settings will override preference settings. If you enable this setting, only items defined by management will be used in the resulting effective policy. Managed settings will override preference settings configured by the local administrator. @@ -621,31 +630,31 @@ Valid values are: - 0 (default) – Disable. **Configuration/HideExclusionsFromLocalAdmins**
-This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that are not Local Admins) exclusions are not visible, whether or not this setting is enabled. +This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that aren't Local Admins) exclusions aren't visible, whether or not this setting is enabled. -If you disable or do not configure this setting, Local Admins will be able to see exclusions in the Windows Security App and via PowerShell. +- If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app or via PowerShell. -If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app or via PowerShell. +- If you disable or don't configure this setting, Local Admins will be able to see exclusions in the Windows Security App and via PowerShell. > [!NOTE] > Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**. -Supported OS versions: Windows 10 +Supported OS versions: Windows 10 The data type is integer. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. Valid values are: - 1 – Enable. - 0 (default) – Disable. **Configuration/DisableCpuThrottleOnIdleScans**
-Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and will not throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur. +Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans this flag will have no impact and normal throttling will occur. The data type is integer. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. Valid values are: - 1 (default) – Enable. @@ -656,7 +665,7 @@ Allow managed devices to update through metered connections. Data charges may ap The data type is integer. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. Valid values are: - 1 – Enable. @@ -667,7 +676,7 @@ This settings controls whether Network Protection is allowed to be configured in The data type is integer. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. Valid values are: - 1 – Enable. @@ -678,7 +687,7 @@ Allows an administrator to explicitly disable network packet inspection made by The data type is string. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. **Configuration/EnableFileHashComputation** Enables or disables file hash computation feature. 
@@ -686,7 +695,7 @@ When this feature is enabled Windows Defender will compute hashes for files it s The data type is integer. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. Valid values are: - 1 – Enable. @@ -697,15 +706,15 @@ The support log location setting allows the administrator to specify where the M Data type is string. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. Intune Support log location setting UX supports three states: -- Not configured (default) - Does not have any impact on the default state of the device. +- Not configured (default) - Doesn't have any impact on the default state of the device. - 1 - Enabled. Enables the Support log location feature. Requires admin to set custom file path. - 0 - Disabled. Turns off the Support log location feature. -When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. +When enabled or disabled exists on the client and admin moves the setting to not configure, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. More details: 
@@ -725,11 +734,11 @@ Current Channel (Broad): Devices will be offered updates only after the gradual Critical: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only -If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices. +If you disable or don't configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices. The data type is integer. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. Valid values are: - 0: Not configured (Default) @@ -758,11 +767,11 @@ Current Channel (Broad): Devices will be offered updates only after the gradual Critical: Devices will be offered updates with a 48-hour delay. Suggested for critical environments only -If you disable or do not configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices. +If you disable or don't configure this policy, the device will stay up to date automatically during the gradual release cycle. Suitable for most devices. The data type is integer. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. Valid values are: - 0: Not configured (Default) 
@@ -784,10 +793,10 @@ Current Channel (Staged): Devices will be offered updates after the release cycl Current Channel (Broad): Devices will be offered updates only after the gradual release cycle completes. Suggested to apply to a broad set of devices in your production population (~10-100%). -If you disable or do not configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices. +If you disable or don't configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices. The data type is integer. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. Valid Values are: - 0: Not configured (Default) @@ -806,11 +815,11 @@ Devices will be offered all Microsoft Defender updates after the gradual release > [!NOTE] > This setting applies to both monthly as well as daily Microsoft Defender updates and will override any previously configured channel selections for platform and engine updates. -If you disable or do not configure this policy, the device will remain in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. Stay up to date automatically during the gradual release cycle. Suitable for most devices. +If you disable or don't configure this policy, the device will remain in Current Channel (Default) unless specified otherwise in specific channels for platform and engine updates. Stay up to date automatically during the gradual release cycle. Suitable for most devices. The data type is integer. -Supported operations are Add, Delete, Get, Replace. +Supported operations are Add, Delete, Get, and Replace. Valid values are: - 1 – Enabled. diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 7a1c219d01..e256226f20 100644 --- a/windows/client-management/mdm/devdetail-csp.md 
+++ b/windows/client-management/mdm/devdetail-csp.md @@ -14,6 +14,15 @@ ms.date: 03/27/2020 # DevDetail CSP +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + + The DevDetail configuration service provider handles the management object that provides device-specific parameters to the OMA DM server. These device parameters can be queried by servers using OMA DM commands. They aren't sent from the client to the server automatically. > [!NOTE] @@ -210,22 +219,22 @@ Returns the VoLTE service to on or off. This setting is only exposed to mobile o Supported operation is Get. **Ext/WlanIPv4Address** -Returns the IPv4 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA DM servers. +Returns the IPv4 address of the active WiFi connection. This address is only exposed to enterprise OMA DM servers. Supported operation is Get. **Ext/WlanIPv6Address** -Returns the IPv6 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA-DM servers. +Returns the IPv6 address of the active WiFi connection. This address is only exposed to enterprise OMA-DM servers. Supported operation is Get. **Ext/WlanDnsSuffix** -Returns the DNS suffix of the active Wi-Fi connection. This suffix is only exposed to enterprise OMA-DM servers. +Returns the DNS suffix of the active WiFi connection. This suffix is only exposed to enterprise OMA-DM servers. Supported operation is Get. **Ext/WlanSubnetMask** -Returns the subnet mask for the active Wi-Fi connection. This subnet mask is only exposed to enterprise OMA-DM servers. +Returns the subnet mask for the active WiFi connection. This subnet mask is only exposed to enterprise OMA-DM servers. Supported operation is Get. diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index b27c178d3c..4ea714b2a9 100644 
--- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -14,6 +14,14 @@ ms.date: 06/26/2018 # DeveloperSetup CSP +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + The DeveloperSetup configuration service provider (CSP) is used to configure Developer Mode on the device and connect to the Windows Device Portal. For more information about the Windows Device Portal, see [Windows Device Portal overview](/windows/uwp/debug-test-perf/device-portal). This CSP was added in Windows 10, version 1703. > [!NOTE] diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 32af3e680b..63a8370e40 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -14,6 +14,14 @@ ms.date: 09/12/2019 # SUPL CSP +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + The SUPL configuration service provider is used to configure the location client, as shown in the following table: - **Location Service**: Connection type @@ -110,7 +118,6 @@ Optional. Specifies the positioning method that the SUPL client will use for mob |4|OTDOA| |5|AFLT| -  The default is 0. The default method in Windows devices provides high-quality assisted GNSS positioning for mobile originated position requests without loading the mobile operator’s network or location services. 
@@ -118,7 +125,6 @@ The default is 0. The default method in Windows devices provides high-quality as > The Mobile Station Assisted, OTDOA, and AFLT positioning methods must only be configured for test purposes.   - For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. **LocMasterSwitchDependencyNII** @@ -133,7 +139,6 @@ This value manages the settings for both SUPL and v2 UPL. If a device is configu |Off|0|Yes| |Off|1|No (unless privacyOverride is set)| - When the location toggle is set to Off and this value is set to 1, the following application requests will fail: - `noNotificationNoVerification` @@ -238,7 +243,6 @@ The default is 0. The default method provides high-quality assisted GNSS positio > The Mobile Station Assisted and AFLT positioning methods must only be configured for test purposes.   - For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. **LocMasterSwitchDependencyNII** @@ -282,7 +286,6 @@ Optional. Integer. Defines the minimum interval of time in seconds between mobil ## Unsupported Nodes - The following optional nodes are not supported on Windows devices. - ProviderID @@ -305,7 +308,6 @@ If a mobile operator requires the communication with the H-SLP to take place ove ## OMA Client Provisioning examples - Adding new configuration information for a H-SLP server for SUPL. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value. ```xml 
@@ -330,7 +332,7 @@ Adding new configuration information for a H-SLP server for SUPL. Values in ital ``` -Adding a SUPL and a V2 UPL account to the same device. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value. +Adding a SUPL and a V2 UPL account to the same device. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary BLOB must be included for the root certificate data value. ```xml @@ -361,7 +363,6 @@ Adding a SUPL and a V2 UPL account to the same device. Values in italic must be ## OMA DM examples - Adding a SUPL account to a device. Values in italic must be replaced with correct settings for the mobile operator network. A valid binary blob must be included for the root certificate data value. ```xml @@ -436,7 +437,6 @@ Adding a SUPL account to a device. Values in italic must be replaced with correc ## Microsoft Custom Elements - The following table shows the Microsoft custom elements that this configuration service provider supports for OMA Client Provisioning. |Elements|Available| diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index e0a043830c..c0cc89c25c 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md @@ -14,7 +14,7 @@ ms.date: 07/28/2017 # SurfaceHub CSP -The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511. +The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511, and later. The following shows the SurfaceHub CSP management objects in tree format. ``` 
@@ -216,7 +216,7 @@ If there is an error calling ValidateAndCommit, there is additional context for | 3 | Populating Exchange server address | Unable to auto-discover your Exchange server address. Try to manually specify the Exchange server address using the ExchangeServer field. | | 4 | Validating Exchange server address | Unable to validate the Exchange server address. Ensure that the ExchangeServer field is valid. | | 5 | Saving account information | Unable to save account details to the system. | -| 6 | Validating EAS policies | The device account uses an unsupported EAS policy. Make sure the EAS policy is configured correctly according to the admin guide. | +| 6 | Validating EAS policies | The device account uses an unsupported EAS policy. Ensure the EAS policy is configured correctly according to the admin guide. | The data type is integer. Supported operation is Get. @@ -254,7 +254,7 @@ The data type is integer. Supported operation is Get.

The data type is boolean. Supported operation is Get and Replace. **InBoxApps/Welcome/CurrentBackgroundPath** -

Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, please ensure they are valid and installed on the Hub, otherwise it may not be able to load the image. +

Download location for image to be used as the background during user sessions and on the welcome screen. To set this, specify an https URL to a 32-bit PNG file (only PNGs are supported for security reasons). If any certificate authorities need to be trusted in order to access the URL, ensure they are valid and installed on the Hub, otherwise it may not be able to load the image.

The data type is string. Supported operation is Get and Replace. From 54be22e9ac1b6b4a741c97e4a0713af2b99c1830 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 4 Apr 2022 15:19:14 +0530 Subject: [PATCH 03/16] Updated --- .../client-management/mdm/accountmanagement-csp.md | 8 -------- windows/client-management/mdm/accounts-csp.md | 9 --------- .../client-management/mdm/cmpolicyenterprise-csp.md | 12 +----------- windows/client-management/mdm/customdeviceui-csp.md | 7 ------- windows/client-management/mdm/developersetup-csp.md | 8 -------- 5 files changed, 1 insertion(+), 43 deletions(-) diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md index 254aa5b416..8f42b52db0 100644 --- a/windows/client-management/mdm/accountmanagement-csp.md +++ b/windows/client-management/mdm/accountmanagement-csp.md @@ -32,14 +32,6 @@ AccountManagement --------ProfileInactivityThreshold ``` -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|No|No| -|Business|No|No| -|Enterprise|No|No| -|Education|No|No| - **./Vendor/MSFT/AccountManagement** Root node for the AccountManagement configuration service provider. diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 18d425c0f2..1269c2797e 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -30,15 +30,6 @@ Accounts ------------LocalUserGroup ``` -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|No|No| -|Business|No|No| -|Enterprise|No|No| -|Education|No|No| - - **./Device/Vendor/MSFT/Accounts** Root node. diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index d5657c45d3..d07e72b9a5 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md 
@@ -14,23 +14,13 @@ ms.date: 06/26/2017 # CMPolicyEnterprise CSP -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Business|Yes|Yes| -|Enterprise|No|No| -|Education|Yes|Yes| - -======= - The CMPolicyEnterprise configuration service provider is used by the enterprise to define rules that the Connection Manager uses to identify the correct connection for a connection request. > [!NOTE] > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_NETWORKING\_ADMIN capabilities to be accessed from a network configuration application. Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies -======= + Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index e59eb1a383..98f6c3c61b 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md 
@@ -14,13 +14,6 @@ ms.date: 06/26/2017 # CustomDeviceUI CSP -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| -|Business|Yes|Yes| -|Enterprise|No|No| -|Education|Yes|Yes| The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported. The following shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md index 4ea714b2a9..b27c178d3c 100644 --- a/windows/client-management/mdm/developersetup-csp.md +++ b/windows/client-management/mdm/developersetup-csp.md @@ -14,14 +14,6 @@ ms.date: 06/26/2018 # DeveloperSetup CSP -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|Yes|Yes| -|Business|Yes|Yes| -|Enterprise|Yes|Yes| -|Education|Yes|Yes| - The DeveloperSetup configuration service provider (CSP) is used to configure Developer Mode on the device and connect to the Windows Device Portal. For more information about the Windows Device Portal, see [Windows Device Portal overview](/windows/uwp/debug-test-perf/device-portal). This CSP was added in Windows 10, version 1703. > [!NOTE] From 0aec98f98a3d21564fedb39c0aa39c687e825a04 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 4 Apr 2022 15:22:08 +0530 Subject: [PATCH 04/16] Update cmpolicyenterprise-csp.md --- windows/client-management/mdm/cmpolicyenterprise-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index d07e72b9a5..6c7a628a81 100644 
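Review bot: In PATCH 03/16, the cmpolicyenterprise-csp.md hunk (@@ -14,23 +14,13 @@) deletes the two `=======` conflict markers but keeps both sides of the conflict, so the paragraph beginning "Each policy entry identifies one or more applications in combination with a host pattern." now appears twice in a row. Keep a single copy instead of swapping the second marker for a blank line, and end its last sentence ("... can have multiple policies") with a period.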
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -77,7 +77,7 @@ A value of "0" specifies that the connections aren't listed in order of preferen **Conn***XXX* Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three-digits, which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". -======= + Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits that increment starting from "000". For example, a policy which is applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004". **ConnectionID** From 86b43f5b454bbdee076bbbb0cece5e9cc838e0bc Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Mon, 4 Apr 2022 23:58:03 +0530 Subject: [PATCH 05/16] Updated --- windows/client-management/mdm/bitlocker-csp.md | 1 + windows/client-management/mdm/tpmpolicy-csp.md | 9 +++++++++ windows/client-management/mdm/uefi-csp.md | 9 +++++++++ .../client-management/mdm/unifiedwritefilter-csp.md | 9 +++++++++ windows/client-management/mdm/update-csp.md | 10 ++++++++++ windows/client-management/mdm/vpnv2-csp.md | 11 ++++++++++- windows/client-management/mdm/w4-application-csp.md | 11 ++++++++++- windows/client-management/mdm/w7-application-csp.md | 13 +++++++++---- 8 files changed, 67 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md index 33ec0aa74f..6c1b9368e4 100644 --- a/windows/client-management/mdm/bitlocker-csp.md +++ b/windows/client-management/mdm/bitlocker-csp.md 
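Review bot: In PATCH 04/16 (cmpolicyenterprise-csp.md, @@ -77,7 +77,7 @@), replacing the leftover `=======` marker with a blank line leaves both versions of the **Conn***XXX* description in the file: the older "followed by three-digits, which increment" sentence and the reworded "followed by three digits that increment" one. Delete the older paragraph so that the node has one description.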
@@ -71,6 +71,7 @@ Defines the root node for the BitLocker configuration service provider. Allows the administrator to require encryption that needs to be turned on by using BitLocker\Device Encryption. + |Edition|Windows 10|Windows 11| |--- |--- |--- | |Home|No|No| diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index 6c01205868..aebdca3212 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -13,6 +13,15 @@ manager: dansimp # TPMPolicy CSP +The table below shows the applicability of Windows: + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index 8a3a6d1f58..093c971528 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md @@ -13,6 +13,15 @@ manager: dansimp # UEFI CSP +The table below shows the applicability of Windows: + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809. 
diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index 186d8823ae..e0f083cf64 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -14,6 +14,15 @@ ms.date: 06/26/2017 # UnifiedWriteFilter CSP +The table below shows the applicability of Windows: + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| The UnifiedWriteFilter (UWF) configuration service provider enables the IT administrator to remotely manage the UWF to help protect physical storage media including any writable storage type. diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index c57a52f15f..f5a5bd0adb 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -14,6 +14,16 @@ ms.date: 02/23/2018 # Update CSP +The table below shows the applicability of Windows: + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| + The Update configuration service provider enables IT administrators to manage and control the rollout of new updates. > [!NOTE] diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index add96c2ec0..ac6ce3f1de 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -14,6 +14,15 @@ ms.date: 09/21/2021 # VPNv2 CSP +The table below shows the applicability of Windows: + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| The VPNv2 configuration service provider allows the mobile device management (MDM) server to configure the VPN profile of the device. 
@@ -696,7 +705,7 @@ Supported operations include Get, Add, Replace, and Delete. Reserved for future use. **VPNv2/**ProfileName**/NativeProfile** -Nodes under NativeProfile are required when using a Windows Inbox VPN Protocol (IKEv2, PPTP, L2TP). +Nodes under NativeProfile are required when using a Windows Inbox VPN Protocol (IKEv2, PPTP, and L2TP). **VPNv2/**ProfileName**/NativeProfile/Servers** Required for native profiles. Public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm. Examples, 208.147.66.130 or vpn.contoso.com. diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index 026dcfb003..1c6f914c0e 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -14,6 +14,15 @@ ms.date: 06/26/2017 # w4 APPLICATION CSP +The table below shows the applicability of Windows: + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| Use an **APPLICATION** configuration service provider that has an APPID of w4 to configure Multimedia Messaging Service (MMS). @@ -47,7 +56,7 @@ This parameter takes a string value. The possible values to configure the NAME p - no value specified > [!NOTE] -> The APPLICATION/NAME value is displayed in the UI. The APPLICATION/NAME value might not be saved on the device. So after an upgrade, the MDM servers should resend APPLICATION/NAME to DMAcc. +> The APPLICATION/NAME value is displayed in the UI. The APPLICATION/NAME value might not be saved on the device. Hence, after an upgrade, the MDM servers should resend APPLICATION/NAME to DMAcc. If no value is specified, the registry location will default to ``. 
diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index c69b5612ca..079d7923cd 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -14,6 +14,15 @@ ms.date: 06/26/2017 # w7 APPLICATION CSP +The table below shows the applicability of Windows: + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|Yes|Yes| +|Pro|Yes|Yes| +|Business|Yes|Yes| +|Enterprise|Yes|Yes| +|Education|Yes|Yes| The APPLICATION configuration service provider that has an APPID of w7 is used for bootstrapping a device with an OMA DM account. Although this configuration service provider is used to set up an OMA DM account, it is managed over OMA Client Provisioning. @@ -54,7 +63,6 @@ APPLICATION > **Note**   All parm names and characteristic types are case sensitive and must use all uppercase. Both APPSRV and CLIENT credentials must be provided in provisioning XML. -  **APPADDR** This characteristic is used in the w7 APPLICATION characteristic to specify the DM server address. @@ -132,9 +140,7 @@ Optional. The INIT parameter is used in the APPLICATION characteristic to indica > **Note**   This node is only for mobile operators and MDM servers that try to use this will fail. This node is not supported in the enterprise MDM enrollment scenario. This parameter forces the device to attempt to connect with the OMA DM server. The connection attempt fails if the XML is set during the coldinit phase. A common cause of this failure is that immediately after coldinit is finished the radio is not yet ready. -   - **INITIALBACKOFFTIME** Optional. The INITIALBACKOFFTIME parameter is used in the APPLICATION characteristic to specify the initial wait time in milliseconds when the DM client retries for the first time. The wait time grows exponentially. This parameter takes a numeric value in string format. The default value is “16000”. You can get or set this parameter. 
@@ -183,7 +189,6 @@ Stores specifies which certificate stores the DM client will search to find the > **Note**   %EF%80%80 is the UTF8-encoded character U+F000.   - Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following: ```xml From bec86ae7fb283585d68a26212cb66c92e5a22bda Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Tue, 5 Apr 2022 00:11:24 +0530 Subject: [PATCH 06/16] Updated --- windows/client-management/mdm/tpmpolicy-csp.md | 2 +- windows/client-management/mdm/uefi-csp.md | 2 +- windows/client-management/mdm/unifiedwritefilter-csp.md | 1 - windows/client-management/mdm/update-csp.md | 2 +- windows/client-management/mdm/vpnv2-csp.md | 4 ++-- 5 files changed, 5 insertions(+), 6 deletions(-) diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index aebdca3212..a34197b788 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md +++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -25,7 +25,7 @@ The table below shows the applicability of Windows: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero exhaust configuration on a Windows device for TPM software components. Zero exhaust is defined as no network traffic (diagnostic data or otherwise, such as downloading background images, Windows Updates, and so on.) from Windows and inbox applications to public IP addresses unless directly intended by the user. This allows the enterprise admin to configure devices where no network communication is initiated by the system without explicit approval. -The TPMPolicy CSP was added in Windows 10, version 1703. +The TPMPolicy CSP was added in Windows 10, version 1703, and later. The following shows the TPMPolicy configuration service provider in tree format. ``` 
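Review bot: The lead-in added above each edition table in PATCH 05/16 (tpmpolicy, uefi, unifiedwritefilter, update, vpnv2, w4-application and w7-application), "The table below shows the applicability of Windows:", reads backwards, since the table lists which Windows editions the CSP applies to. Suggest wording such as "The table below shows the Windows editions this CSP applies to:" and using the same sentence in all seven files.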
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index 093c971528..70a1273bfa 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md @@ -23,7 +23,7 @@ The table below shows the applicability of Windows: |Enterprise|Yes|Yes| |Education|Yes|Yes| -The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809. +The UEFI configuration service provider (CSP) interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. This CSP was added in Windows 10, version 1809c, and later. > [!NOTE] > The UEFI CSP version published in Windows 10, version 1803 is replaced with this one (version 1809). diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index e0f083cf64..358e9ed61a 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -324,7 +324,6 @@ Supported operations are Get and Execute. ## Related topics - [Configuration service provider reference](configuration-service-provider-reference.md) diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md index f5a5bd0adb..c3185ca305 100644 --- a/windows/client-management/mdm/update-csp.md +++ b/windows/client-management/mdm/update-csp.md @@ -72,7 +72,7 @@ The following shows the Update configuration service provider in tree format. > [!NOTE] > When the RequireUpdateApproval policy is set, the MDM uses the ApprovedUpdates list to pass the approved GUIDs. These GUIDs should be a subset of the InstallableUpdates list. -

The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update. +

The MDM must first present the EULA to IT and have them accept it before the update is approved. Failure to do this is a breach of legal or contractual obligations. The EULAs can be obtained from the update metadata and have their own EULA ID. It's possible for multiple updates to share the same EULA. It is only necessary to approve the EULA once per EULA ID, not one per update.

The update approval list enables IT to approve individual updates and update classifications. Auto-approval by update classifications allows IT to automatically approve Definition Updates (i.e., updates to the virus and spyware definitions on devices) and Security Updates (i.e., product-specific updates for security-related vulnerability). The update approval list does not support the uninstallation of updates by revoking approval of already installed updates. Updates are approved based on UpdateID, and an UpdateID only needs to be approved once. An update UpdateID and RevisionNumber are part of the UpdateIdentity type. An UpdateID can be associated to several UpdateIdentity GUIDs due to changes to the RevisionNumber setting. MDM services must synchronize the UpdateIdentity of an UpdateID based on the latest RevisionNumber to get the latest metadata for an update. However, update approval is based on UpdateID. diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index ac6ce3f1de..0bfb6fce06 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md 
@@ -559,7 +559,7 @@ An optional flag to enable Always On mode. This will automatically connect the V Preserving user Always On preference -Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList. +Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually uncheck the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList. Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference. Key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config` Value: AutoTriggerDisabledProfilesList @@ -735,7 +735,7 @@ Required for native profiles. Type of tunneling protocol used. This value can be Value type is chr. Supported operations include Get, Add, Replace, and Delete. > [!NOTE] -> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. +> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP, and then L2TP. This order is not customizable. **VPNv2/**ProfileName**/NativeProfile/Authentication** Required node for native profile. It contains authentication information for the native VPN profile. From 4c5d5d2b3ef8b45f0af540cf74ac1efda4e934b7 Mon Sep 17 00:00:00 2001 
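Review bot: In the tpmpolicy-csp.md hunk of PATCH 06/16 (@@ -25,7 +25,7 @@), the new sentence "The TPMPolicy CSP was added in Windows 10, version 1703, and later." does not parse: a CSP is added in one release and available in later ones. Either keep the original "was added in Windows 10, version 1703" or change it to "is available in Windows 10, version 1703, and later".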
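Review bot: In the uefi-csp.md hunk of PATCH 06/16 (@@ -23,7 +23,7 @@), the changed line introduces a typo in the version number, "version 1809c, and later", while the NOTE two lines below still says "(version 1809)". Drop the stray "c", and reword "was added in ... and later" as in the TPMPolicy sentence so the two pages match.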
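Review bot: In the vpnv2-csp.md hunk of PATCH 06/16 (@@ -559,7 +559,7 @@), the edit turns the correct "a user manually unchecks" into "a user manually uncheck", which breaks subject-verb agreement, and it is the only change on that line. Revert this line; the serial-comma fix in the @@ -735,7 +735,7 @@ hunk is fine as is.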
From: Nimisha Satapathy Date: Tue, 5 Apr 2022 00:59:06 +0530 Subject: [PATCH 07/16] Update vpnv2-csp.md --- windows/client-management/mdm/vpnv2-csp.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 0bfb6fce06..ef763b68fa 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -29,13 +29,13 @@ The VPNv2 configuration service provider allows the mobile device management (MD Here are the requirements for this CSP: - VPN configuration commands must be wrapped in an Atomic block in SyncML. -- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you are using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies. +- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you're using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies. - Instead of changing individual properties, follow these steps to make any changes: - Send a Delete command for the ProfileName to delete the entire profile. - Send the entire profile again with new values wrapped in an Atomic block. - In certain conditions you can change some properties directly, but we do not recommend it. + In certain conditions you can change some properties directly, but we don't recommend it. The XSDs for all EAP methods are shipped in the box and can be found at the following locations: 
@@ -341,7 +341,7 @@ Supported operations include Get, Add, and Delete. Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect. **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId -A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you should not skip numbers. +A sequential integer identifier that allows the ability to specify multiple apps for App Trigger. Sequencing must start at 0 and you shouldn't skip numbers. Supported operations include Get, Add, Replace, and Delete. @@ -349,7 +349,7 @@ Supported operations include Get, Add, Replace, and Delete. App Node under the Row Id. **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Id** -App identity, which is either an app’s package family name or file path. The type is inferred by the Id, and therefore cannot be specified in the get only App/Type field +App identity, which is either an app’s package family name or file path. The type is inferred by the Id, and therefore can't be specified in the get only App/Type field **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type** Returns the type of **App/Id**. This value can be either of the following: 
@@ -364,10 +364,10 @@ Optional node. List of routes to be added to the routing table for the VPN inter Every computer that runs TCP/IP makes routing decisions. These decisions are controlled by the IP routing table. Adding values under this node updates the routing table with routes for the VPN interface post connection. The values under this node represent the destination prefix of IP routes. A destination prefix consists of an IP address prefix and a prefix length. -Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and do not need this information in the VPN Profile. Please check with your VPN server administrator to determine whether you need this information in the VPN profile. +Adding a route here allows the networking stack to identify the traffic that needs to go over the VPN interface for split tunnel VPN. Some VPN servers can configure this during connect negotiation and don't need this information in the VPN Profile. Check with your VPN server administrator to determine whether you need this information in the VPN profile. **VPNv2/**ProfileName**/RouteList/**routeRowId -A sequential integer identifier for the RouteList. This is required if you are adding routes. Sequencing must start at 0. +A sequential integer identifier for the RouteList. This is required if you're adding routes. Sequencing must start at 0. Supported operations include Get, Add, Replace, and Delete. 
@@ -397,7 +397,7 @@ Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList** Optional node. Name Resolution Policy Table (NRPT) rules for the VPN profile. -The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before issuing name resolution queries, the DNS client consults the NRPT to determine if any additional flags must be set in the query. After receiving the response, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface. +The Name Resolution Policy Table (NRPT) is a table of namespaces and corresponding settings stored in the Windows registry that determines the DNS client behavior when issuing queries and processing responses. Each row in the NRPT represents a rule for a portion of the namespace for which the DNS client issues queries. Before issuing name resolution queries, the DNS client consults the NRPT to determine if any another flags must be set in the query. After receiving the response, the client again consults the NRPT to check for any special processing or policy requirements. In the absence of the NRPT, the client operates based on the DNS servers and suffixes set on the interface. > [!NOTE] > Only applications using the [Windows DNS API](/windows/win32/dns/dns-reference) can make use of the NRPT and therefore all settings configured within the DomainNameInformationList section. Applications using their own DNS implementation bypass the Windows DNS API. 
One example of applications not using the Windows DNS API is nslookup, so always use the PowerShell CmdLet [Resolve-DNSName](/powershell/module/dnsclient/resolve-dnsname) to check the functionality of the NRPT. @@ -418,7 +418,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainNameType** Returns the namespace type. This value can be one of the following: -- FQDN - If the DomainName was not prepended with a**.** and applies only to the fully qualified domain name (FQDN) of a specified host. +- FQDN - If the DomainName wasn't prepended with a**.** and applies only to the fully qualified domain name (FQDN) of a specified host. - Suffix - If the DomainName was prepended with a**.** and applies to the specified namespace, all records in that namespace, and all subdomains. Value type is chr. Supported operation is Get. @@ -429,7 +429,7 @@ List of comma-separated DNS Server IP addresses to use for the namespace. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/WebProxyServers** -Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet. +Optional. Web Proxy Server IP address if you're redirecting traffic through your intranet. > [!NOTE] > Currently only one web proxy server is supported. @@ -439,7 +439,7 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/AutoTrigger** Added in Windows 10, version 1607. Optional. Boolean to determine whether this domain name rule will trigger the VPN. -If set to False, this DomainName rule will not trigger the VPN. +If set to False, this DomainName rule won't trigger the VPN. If set to True, this DomainName rule will trigger the VPN 
@@ -448,7 +448,7 @@ By default, this value is false. Value type is bool. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/Persistent** -Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN is not connected. Value values: +Added in Windows 10, version 1607. A boolean value that specifies if the rule being added should persist even when the VPN isn't connected. Value values: - False (default) - This DomainName rule will only be applied when VPN is connected. - True - This DomainName rule will always be present and applied. From 9cb6eafae1a3a71529abd5914c08bc3bf44617a5 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Tue, 5 Apr 2022 21:53:10 +0530 Subject: [PATCH 08/16] WiFi to Wi-Fi update --- windows/client-management/mdm/cmpolicyenterprise-csp.md | 6 +++--- windows/client-management/mdm/devdetail-csp.md | 8 ++++---- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index 6c7a628a81..b206247ad8 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md 
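Review bot: In the DomainNameInformationList hunk of PATCH 07/16 (vpnv2-csp.md, @@ -397,7 +397,7 @@), the only change is "any additional flags" becoming "any another flags", which is ungrammatical. Restore "any additional flags" (or use "any other flags").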
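Review bot: In the Persistent hunk of PATCH 07/16 (vpnv2-csp.md, @@ -448,7 +448,7 @@), the rewritten line still ends with "Value values:", which looks like a typo for "Valid values:". Since the line is already being touched for the "isn't" contraction, fix it in the same change.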
@@ -26,7 +26,7 @@ Each policy entry identifies one or more applications in combination with a host **Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence. -**Default Policies**: Policies are applied in the order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available WiFi network first and then any available APN. +**Default Policies**: Policies are applied in the order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN. The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management. @@ -93,8 +93,8 @@ For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. Th |CDMA|{274AD55A-4A70-4E35-93B3-AE2D2E6727FC}| |Legacy 3GPP|{6DE4C04B-B74E-47FA-99E5-8F2097C06A92}| |LTE|{2378E547-8312-46A5-905E-5C581E92693B}| -|WiFi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}| -|WiFi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}| +|Wi-Fi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}| +|Wi-Fi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}| For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available: diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index e256226f20..2db2721d1f 100644 
--- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -219,22 +219,22 @@ Returns the VoLTE service to on or off. This setting is only exposed to mobile o Supported operation is Get. **Ext/WlanIPv4Address** -Returns the IPv4 address of the active WiFi connection. This address is only exposed to enterprise OMA DM servers. +Returns the IPv4 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA DM servers. Supported operation is Get. **Ext/WlanIPv6Address** -Returns the IPv6 address of the active WiFi connection. This address is only exposed to enterprise OMA-DM servers. +Returns the IPv6 address of the active Wi-Fi connection. This address is only exposed to enterprise OMA-DM servers. Supported operation is Get. **Ext/WlanDnsSuffix** -Returns the DNS suffix of the active WiFi connection. This suffix is only exposed to enterprise OMA-DM servers. +Returns the DNS suffix of the active Wi-Fi connection. This suffix is only exposed to enterprise OMA-DM servers. Supported operation is Get. **Ext/WlanSubnetMask** -Returns the subnet mask for the active WiFi connection. This subnet mask is only exposed to enterprise OMA-DM servers. +Returns the subnet mask for the active Wi-Fi connection. This subnet mask is only exposed to enterprise OMA-DM servers. Supported operation is Get. From 6f1b4fe791788a411f947c9da04d012110595399 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 6 Apr 2022 00:29:46 +0530 Subject: [PATCH 09/16] Updated --- windows/client-management/mdm/defender-csp.md | 9 ++++----- windows/client-management/mdm/devdetail-csp.md | 2 +- windows/client-management/mdm/tpmpolicy-csp.md | 2 +- windows/client-management/mdm/uefi-csp.md | 2 +- windows/client-management/mdm/w4-application-csp.md | 2 +- 5 files changed, 8 insertions(+), 9 deletions(-) 
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 3e8f4ed395..932d4dd958 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -17,13 +17,12 @@ ms.date: 02/22/2022 |Edition|Windows 10|Windows 11| |--- |--- |--- | -|Home|No|No| +|Home|Yes|Yes| |Pro|Yes|Yes| |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| - > [!WARNING] > Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. @@ -187,7 +186,7 @@ The following table describes the supported values: | 48 | Policy | | 49 | EUS (Enterprise Unwanted Software)| | 50 | Ransomware | -| 51 | Azure Site Recovery Rule | +| 51 | ASR Rule | Supported operation is Get. @@ -619,7 +618,7 @@ Intune tamper protection setting UX supports three states: When enabled or disabled exists on the client and admin moves the setting to not configured, it will not have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. **Configuration/DisableLocalAdminMerge**
-This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusions. +This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusion list. If you disable or don't configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. In the case of conflicts, management settings will override preference settings. @@ -643,7 +642,7 @@ This policy setting controls whether or not exclusions are visible to Local Admi - If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app or via PowerShell. -- If you disable or don't configure this setting, Local Admins will be able to see exclusions in the Windows Security App and via PowerShell. +- If you disable or don't configure this setting, Local Admins will be able to see the exclusion list in the Windows Security App and via PowerShell. > [!NOTE] > Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**. diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md index 2db2721d1f..11a1e2668d 100644 --- a/windows/client-management/mdm/devdetail-csp.md +++ b/windows/client-management/mdm/devdetail-csp.md @@ -16,7 +16,7 @@ ms.date: 03/27/2020 |Edition|Windows 10|Windows 11| |--- |--- |--- | -|Home|No|No| +|Home|Yes|Yes| |Pro|Yes|Yes| |Business|Yes|Yes| |Enterprise|Yes|Yes| diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md index a34197b788..cf50e3b863 100644 --- a/windows/client-management/mdm/tpmpolicy-csp.md 
+++ b/windows/client-management/mdm/tpmpolicy-csp.md @@ -17,7 +17,7 @@ The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | -|Home|Yes|Yes| +|Home|No|No| |Pro|Yes|Yes| |Business|Yes|Yes| |Enterprise|Yes|Yes| diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index 70a1273bfa..776d45433d 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md @@ -17,7 +17,7 @@ The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | -|Home|Yes|Yes| +|Home|No|No| |Pro|Yes|Yes| |Business|Yes|Yes| |Enterprise|Yes|Yes| diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index 1c6f914c0e..b875698d2d 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -18,7 +18,7 @@ The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | -|Home|Yes|Yes| +|Home|No|No| |Pro|Yes|Yes| |Business|Yes|Yes| |Enterprise|Yes|Yes| From c78540092ee5eda619187ab484db8e734d33ec4a Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Wed, 6 Apr 2022 01:19:08 +0530 Subject: [PATCH 10/16] Updated --- .../client-management/mdm/cmpolicyenterprise-csp.md | 10 ++++++++++ windows/client-management/mdm/customdeviceui-csp.md | 9 +++++++++ .../client-management/mdm/unifiedwritefilter-csp.md | 4 ++-- windows/client-management/mdm/w4-application-csp.md | 2 +- 4 files changed, 22 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index b206247ad8..45e8e08d88 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md 
@@ -14,6 +14,16 @@ ms.date: 06/26/2017 # CMPolicyEnterprise CSP +The table below shows the applicability of Windows: + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No|| +|Business|No|No| +|Enterprise|No|No| +|Education|No|No| + The CMPolicyEnterprise configuration service provider is used by the enterprise to define rules that the Connection Manager uses to identify the correct connection for a connection request. > [!NOTE] diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index 98f6c3c61b..d8714619c2 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md @@ -14,6 +14,15 @@ ms.date: 06/26/2017 # CustomDeviceUI CSP +The table below shows the applicability of Windows: + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No|| +|Business|No|No| +|Enterprise|No|No| +|Education|No|No| The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported. The following shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index 358e9ed61a..00df43d718 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md @@ -18,8 +18,8 @@ The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | -|Home|Yes|Yes| -|Pro|Yes|Yes| +|Home|No|No| +|Pro|No|No| |Business|Yes|Yes| |Enterprise|Yes|Yes| |Education|Yes|Yes| 
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md index b875698d2d..1c6f914c0e 100644 --- a/windows/client-management/mdm/w4-application-csp.md +++ b/windows/client-management/mdm/w4-application-csp.md @@ -18,7 +18,7 @@ The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | -|Home|No|No| +|Home|Yes|Yes| |Pro|Yes|Yes| |Business|Yes|Yes| |Enterprise|Yes|Yes| From cf53d9f7992f0e08ffd3e1b5c6b2c3bbac421ac8 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Thu, 7 Apr 2022 00:41:27 +0530 Subject: [PATCH 11/16] Update accountmanagement-csp.md --- windows/client-management/mdm/accountmanagement-csp.md | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md index 8f42b52db0..8f834a8f78 100644 --- a/windows/client-management/mdm/accountmanagement-csp.md +++ b/windows/client-management/mdm/accountmanagement-csp.md @@ -13,6 +13,15 @@ manager: dansimp # AccountManagement CSP +The table below shows the applicability of Windows: + +|Edition|Windows 10|Windows 11| +|--- |--- |--- | +|Home|No|No| +|Pro|No|No|| +|Business|No|No| +|Enterprise|No|No| +|Education|No|No| AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803. @@ -32,7 +41,6 @@ AccountManagement --------ProfileInactivityThreshold ``` - **./Vendor/MSFT/AccountManagement** Root node for the AccountManagement configuration service provider. From 074ae9ed8be77782a5e12bfe19b8f6a70c27ea03 Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 8 Apr 2022 15:31:42 +0530 Subject: [PATCH 12/16] Update accountmanagement-csp.md --- windows/client-management/mdm/accountmanagement-csp.md | 9 --------- 1 file changed, 9 deletions(-) 
diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md index 8f834a8f78..5f2a7ff230 100644 --- a/windows/client-management/mdm/accountmanagement-csp.md +++ b/windows/client-management/mdm/accountmanagement-csp.md @@ -13,15 +13,6 @@ manager: dansimp # AccountManagement CSP -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|No|No|| -|Business|No|No| -|Enterprise|No|No| -|Education|No|No| AccountManagement CSP is used to configure setting in the Account Manager service in Windows Holographic for Business edition. Added in Windows 10, version 1803. From 3cb495516270dab40e1802cd4868fa875a921fd3 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Wed, 27 Apr 2022 11:57:54 +0530 Subject: [PATCH 13/16] updated --- .../client-management/mdm/cmpolicyenterprise-csp.md | 2 +- windows/client-management/mdm/customdeviceui-csp.md | 10 ---------- windows/client-management/mdm/w7-application-csp.md | 12 +++++++----- 3 files changed, 8 insertions(+), 16 deletions(-) diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md index 45e8e08d88..88fbce2433 100644 --- a/windows/client-management/mdm/cmpolicyenterprise-csp.md +++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md @@ -19,7 +19,7 @@ The table below shows the applicability of Windows: |Edition|Windows 10|Windows 11| |--- |--- |--- | |Home|No|No| -|Pro|No|No|| +|Pro|No|No| |Business|No|No| |Enterprise|No|No| |Education|No|No| diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md index d8714619c2..295768d539 100644 --- a/windows/client-management/mdm/customdeviceui-csp.md +++ b/windows/client-management/mdm/customdeviceui-csp.md 
@@ -14,16 +14,6 @@ ms.date: 06/26/2017 # CustomDeviceUI CSP -The table below shows the applicability of Windows: - -|Edition|Windows 10|Windows 11| -|--- |--- |--- | -|Home|No|No| -|Pro|No|No|| -|Business|No|No| -|Enterprise|No|No| -|Education|No|No| - The CustomDeviceUI configuration service provider allows OEMs to implement their custom foreground application, as well as the background tasks to run on an IoT device running IoT Core. Only one foreground application is supported per device. Multiple background tasks are supported. The following shows the CustomDeviceUI configuration service provider in tree format as used by both the Open Mobile Alliance (OMA) Device Management (DM) and OMA Client Provisioning. diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index bf6b0eddbe..420ccb5691 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -26,7 +26,8 @@ The table below shows the applicability of Windows: The APPLICATION configuration service provider that has an APPID of w7 is used for bootstrapping a device with an OMA DM account. Although this configuration service provider is used to set up an OMA DM account, it's managed over OMA Client Provisioning. -> **Note**  This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application. +> [!Note] +> This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application. The following shows the configuration service provider in tree format as used by OMA Client Provisioning. 
@@ -60,7 +61,8 @@ APPLICATION ---SSLCLIENTCERTSEARCHCRITERIA ``` -> **Note**   All parm names and characteristic types are case sensitive and must use all uppercase. +> [!Note] +> All parm names and characteristic types are case sensitive and must use all uppercase. Both APPSRV and CLIENT credentials must be provided in provisioning XML. @@ -119,7 +121,8 @@ Required. The APPID parameter is used in the APPLICATION characteristic to diffe **BACKCOMPATRETRYDISABLED** Optional. The BACKCOMPATRETRYDISABLED parameter is used in the APPLICATION characteristic to specify whether to retry resending a package with an older protocol version (for example, 1.1) in the SyncHdr (not including the first time). -> **Note**   This parameter doesn't contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled. +> [!Note] +> This parameter doesn't contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled.   @@ -188,10 +191,9 @@ The supported names are Subject and Stores; wildcard certificate search isn't su Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name isn't case sensitive. -> [!Note]   +> [!Note] > %EF%80%80 is the UTF8-encoded character U+F000. - Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following syntax: ```xml From c14fc16498accc04a3d118b25a2bcb36b001b604 Mon Sep 17 00:00:00 2001 
From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Mon, 2 May 2022 20:30:13 +0530 Subject: [PATCH 14/16] Reverting as per feedback --- windows/client-management/mdm/defender-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 932d4dd958..055242aa57 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -640,9 +640,9 @@ Valid values are: **Configuration/HideExclusionsFromLocalAdmins**
This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that aren't Local Admins) exclusions aren't visible, whether or not this setting is enabled. -- If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app or via PowerShell. +If you disable or don't configure this setting, Local Admins will be able to see the exclusion list in the Windows Security App and via PowerShell. -- If you disable or don't configure this setting, Local Admins will be able to see the exclusion list in the Windows Security App and via PowerShell. +If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app or via PowerShell. > [!NOTE] > Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**. From 87f0c743705f8cc8039ba6609fa9cc8973c7a689 Mon Sep 17 00:00:00 2001 From: Alekhya Jupudi <89069896+alekyaj@users.noreply.github.com> Date: Mon, 2 May 2022 20:38:15 +0530 Subject: [PATCH 15/16] Update defender-csp.md --- windows/client-management/mdm/defender-csp.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 055242aa57..09ce8bcd26 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md @@ -640,9 +640,9 @@ Valid values are: **Configuration/HideExclusionsFromLocalAdmins**
This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that aren't Local Admins) exclusions aren't visible, whether or not this setting is enabled. -If you disable or don't configure this setting, Local Admins will be able to see the exclusion list in the Windows Security App and via PowerShell. +If you disable or do not configure this setting, Local Admins will be able to see exclusions in the Windows Security App, in the registry, and via PowerShell. -If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app or via PowerShell. +If you enable this setting, Local Admins will no longer be able to see the exclusion list in the Windows Security app, in the registry, or via PowerShell. > [!NOTE] > Applying this setting will not remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**. From 2ba8f32dfb39417b34fc9c5548986acf726786fb Mon Sep 17 00:00:00 2001 From: Nimisha Satapathy Date: Fri, 20 May 2022 15:45:40 +0530 Subject: [PATCH 16/16] Updated --- windows/client-management/mdm/defender-csp.md | 10 ++++---- windows/client-management/mdm/supl-csp.md | 2 +- .../client-management/mdm/surfacehub-csp.md | 2 +- windows/client-management/mdm/uefi-csp.md | 4 ++-- .../mdm/w7-application-csp.md | 24 ++++--------------- 5 files changed, 13 insertions(+), 29 deletions(-) diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md index 2f2daa96b2..24f01509db 100644 --- a/windows/client-management/mdm/defender-csp.md +++ b/windows/client-management/mdm/defender-csp.md 
@@ -363,7 +363,7 @@ Network Protection inspects DNS traffic that occurs over a UDP channel, to provi **EnableNetworkProtection/DisableHttpParsing** -Network Protection inspects HTTP traffic to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. HTTP connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true". +Network Protection inspects HTTP traffic to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. HTTP connections to malicious websites can also be blocked if Enable Network Protection is set to enabled. HTTP inspection can be disabled by setting this value to "$true". - Type: Boolean - Position: Named @@ -373,7 +373,7 @@ Network Protection inspects HTTP traffic to see if a connection is being made to **EnableNetworkProtection/DisableRdpParsing** -Network Protection inspects RDP traffic so that it can block connections from known malicious hosts if -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. RDP inspection can be disabled by setting this value to "$true". +Network Protection inspects RDP traffic so that it can block connections from known malicious hosts if Enable Network Protection is set to be enabled, and to provide metadata to behavior monitoring. RDP inspection can be disabled by setting this value to "$true". - Type: Boolean - Position: Named 
@@ -383,7 +383,7 @@ Network Protection inspects RDP traffic so that it can block connections from kn **EnableNetworkProtection/DisableSshParsing** -Network Protection inspects SSH traffic, so that it can block connections from known malicious hosts. If -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. SSH inspection can be disabled by setting this value to "$true". +Network Protection inspects SSH traffic, so that it can block connections from known malicious hosts. If Enable Network Protection is set to be enabled, and to provide metadata to behavior monitoring. SSH inspection can be disabled by setting this value to "$true". - Type: Boolean - Position: Named @@ -393,7 +393,7 @@ Network Protection inspects SSH traffic, so that it can block connections from k **EnableNetworkProtection/DisableTlsParsing** -Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. TLS connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true". +Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. TLS connections to malicious websites can also be blocked if Enable Network Protection is set to enabled. HTTP inspection can be disabled by setting this value to "$true". - Type: Boolean - Position: Named 
@@ -726,7 +726,7 @@ Intune Support log location setting UX supports three states: - 1 - Enabled. Enables the Support log location feature. Requires admin to set custom file path. - 0 - Disabled. Turns off the Support log location feature. -When enabled or disabled exists on the client and admin moves the setting to be configured not , it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. +When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. More details: diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md index 9aa02addc6..001e41698e 100644 --- a/windows/client-management/mdm/supl-csp.md +++ b/windows/client-management/mdm/supl-csp.md @@ -102,7 +102,7 @@ Added in Windows 10, version 2004. Optional. Determines the full version (X.Y.Z **MCCMNCPairs** Required. List all of the MCC and MNC pairs owned by the mobile operator. This list is used to verify that the UICC matches the network and SUPL can be used. When the UICC and network don't match, the device uses the default location service and doesn't use SUPL. -This value is a string with the format "(X1, Y1)(X2, Y2)…(Xn, Yn)", in which `X` is an MCC and `Y` is an MNC. +This value is a string with the format `(X1, Y1)(X2, Y2)…(Xn, Yn)`, in which `X` is an MCC and `Y` is an MNC. For OMA DM, if the format for this node is incorrect the entry will be ignored and an error will be returned, but the configuration service provider will continue processing the rest of the parameters. diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md index 84efea687e..5b8229bb45 100644 --- a/windows/client-management/mdm/surfacehub-csp.md +++ b/windows/client-management/mdm/surfacehub-csp.md 
@@ -321,7 +321,7 @@ Invitations to collaborate from the Whiteboard app aren't allowed. **InBoxApps/Whiteboard/SigninDisabled** -Sign-in from the Whiteboard app aren't allowed. +Sign-ins from the Whiteboard app aren't allowed. - The data type is boolean. - Supported operation is Get and Replace. diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index 776d45433d..174bdb6025 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md @@ -60,7 +60,7 @@ Uefi ``` The following list describes the characteristics and parameters. -**./Vendor/MSFT/Uefi** +**./Vendor/MSFT/UEFI** Root node. **DeviceIdentifier** @@ -89,7 +89,7 @@ Retrieves the binary result package of the previous Identity/Apply operation. Supported operation is Get. **Permissions** -Node for settings permission operations.. +Node for settings permission operations. **Permissions/Current** Retrieves XML from UEFI that describes the current UEFI settings permissions. diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md index 420ccb5691..3ba0e48d8e 100644 --- a/windows/client-management/mdm/w7-application-csp.md +++ b/windows/client-management/mdm/w7-application-csp.md @@ -29,7 +29,6 @@ The APPLICATION configuration service provider that has an APPID of w7 is used f > [!Note] > This configuration service provider requires the ID\_CAP\_CSP\_FOUNDATION and ID\_CAP\_DEVICE\_MANAGEMENT\_ADMIN capabilities to be accessed from a network configuration application. - The following shows the configuration service provider in tree format as used by OMA Client Provisioning. ```console 
@@ -62,10 +61,9 @@ APPLICATION ``` > [!Note] -> All parm names and characteristic types are case sensitive and must use all uppercase. +> All parameter names and characteristic types are case sensitive and must use all uppercase. Both APPSRV and CLIENT credentials must be provided in provisioning XML. - **APPADDR** This characteristic is used in the w7 APPLICATION characteristic to specify the DM server address. @@ -109,9 +107,9 @@ Optional. The AAUTHTYPE parameter of the APPAUTH characteristic is used to get o Valid values: -- BASIC - specifies that the SyncML DM 'syncml:auth-basic' authentication type. +- BASIC - specifies that the SyncML DM `syncml:auth-basic` authentication type. -- DIGEST - specifies that the SyncML DM 'syncml:auth-md5' authentication type. +- DIGEST - specifies that the SyncML DM `syncml:auth-md5` authentication type. - When AAUTHLEVEL is CLIENT, then AAUTHTYPE must be DIGEST. When AAUTHLEVEL is APPSRV, AAUTHTYPE can be BASIC or DIGEST. @@ -124,8 +122,6 @@ Optional. The BACKCOMPATRETRYDISABLED parameter is used in the APPLICATION chara > [!Note] > This parameter doesn't contain a value. The existence of this parameter means backward compatibility retry is disabled. If the parameter is missing, it means backward compatibility retry is enabled. -  - **CONNRETRYFREQ** Optional. The CONNRETRYFREQ parameter is used in the APPLICATION characteristic to specify how many retries the DM client performs when there are Connection Manager-level or WinInet-level errors. This parameter takes a numeric value in string format. The default value is “3”. You can set this parameter. 
@@ -144,7 +140,6 @@ Optional. The INIT parameter is used in the APPLICATION characteristic to indica > [!Note] > This node is only for mobile operators and MDM servers that try to use this will fail. This node isn't supported in the enterprise MDM enrollment scenario. This parameter forces the device to attempt to connect with the OMA DM server. The connection attempt fails if the XML is set during the coldinit phase. A common cause of this failure is that immediately after coldinit is finished the radio isn't yet ready. -   **INITIALBACKOFFTIME** Optional. The INITIALBACKOFFTIME parameter is used in the APPLICATION characteristic to specify the initial wait time in milliseconds when the DM client retries for the first time. The wait time grows exponentially. This parameter takes a numeric value in string format. The default value is “16000”. You can get or set this parameter. @@ -192,7 +187,7 @@ The supported names are Subject and Stores; wildcard certificate search isn't su Stores specifies which certificate stores the DM client will search to find the SSL client certificate. The valid store value is My%5CUser. The store name isn't case sensitive. > [!Note] -> %EF%80%80 is the UTF8-encoded character U+F000. +> `%EF%80%80` is the UTF8-encoded character U+F000. Subject specifies the certificate to search for. For example, to specify that you want a certificate with a particular Subject attribute (“CN=Tester,O=Microsoft”), use the following syntax: @@ -203,15 +198,4 @@ Subject specifies the certificate to search for. For example, to specify that yo ## Related topics - [Configuration service provider reference](configuration-service-provider-reference.md) - -  - -  - - - - - -
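Review bot: the added line in the `@@ -448,7 +448,7 @@` hunk (VPNv2 `DomainNameInformationList/dniRowId/Persistent`, 07/16) still ends with "Value values:", which should read "Valid values:". The line is already being rewritten for the "isn't" contraction, so fix the typo in the same change.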
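Review bot: in the `@@ -219,22 +219,22 @@` hunk of devdetail-csp.md (08/16), the rewritten `Ext/WlanIPv4Address` line says "enterprise OMA DM servers" while the three lines below it say "enterprise OMA-DM servers". All four lines are touched for the Wi-Fi spelling, so pick one form of the protocol name and use it in all of them.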
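Review bot: the Home row in the `@@ -17,13 +17,12 @@` hunk of defender-csp.md (09/16) flips from No to Yes with only "Updated" as the commit message, and the same series sets the Home row of w4-application-csp.md to No in 09/16 and back to Yes in 10/16. Please state the source for each edition value in the commit message, because this table is what administrators read to decide which devices a Defender policy will reach, and drop the w4-application-csp.md change that nets to nothing.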
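Review bot: in the `@@ -187,7 +186,7 @@` hunk of defender-csp.md (09/16), the new row `| 51 | ASR Rule |` leaves the acronym unexpanded, while row 49 just above it spells out "EUS (Enterprise Unwanted Software)". In Microsoft Defender, ASR is attack surface reduction, so removing "Azure Site Recovery" is right; suggest `| 51 | ASR (Attack Surface Reduction) Rule |` to match row 49.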
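Review bot: the `Configuration/DisableLocalAdminMerge` line added in the `@@ -619,7 +618,7 @@` hunk of defender-csp.md (09/16) now reads "lists such as threats and exclusion list", which is ungrammatical where the removed wording "threats and exclusions" was fine. Keep the original phrase, or write "the threat list and the exclusion list".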
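Review bot: the Pro row added in the `@@ -14,6 +14,16 @@` hunk of cmpolicyenterprise-csp.md (10/16) is `|Pro|No|No||`, with a stray trailing pipe that gives this row a fourth, empty cell. It is only corrected later in 13/16; fix it here so the table renders correctly at every commit in the series.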
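Review bot: in the `@@ -14,6 +14,15 @@` hunk of customdeviceui-csp.md (10/16), the last table row `|Education|No|No|` is followed directly by the "The CustomDeviceUI configuration service provider allows OEMs..." paragraph with no blank line, unlike the cmpolicyenterprise-csp.md hunk in the same commit, so the paragraph will be pulled into the table. Add the blank line, and remove the extra pipe in `|Pro|No|No||`. The same two problems appear in the accountmanagement-csp.md table added in 11/16.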
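Review bot: the alert marker introduced in the `@@ -26,7 +26,8 @@` hunk of w7-application-csp.md (13/16), and in the other note conversions in that file, is written `> [!Note]`, while defender-csp.md in this same series uses the uppercase `> [!NOTE]` and `> [!WARNING]`. Use `> [!NOTE]` throughout so the alert syntax is consistent across the CSP pages.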
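Review bot: the two sentences added in the `@@ -640,9 +640,9 @@` hunk of defender-csp.md (15/16) introduce "in the registry" as a place where exclusions are hidden, but the commit subject is only "Update defender-csp.md" and the note that follows still mentions **Get-MpPreference** alone. Please say in the commit message where the registry behaviour is confirmed. The pair is also inconsistent with itself and with the series: "see exclusions" against "see the exclusion list", "Windows Security App" against "Windows Security app", and "do not" where the other patches move to contractions.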
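Review bot: in the `@@ -363,7 +363,7 @@` hunk of defender-csp.md (16/16), replacing "-EnableNetworkProtection" with "Enable Network Protection" means the sentence no longer matches the node name in the heading, `EnableNetworkProtection/DisableHttpParsing`, so a reader cannot search for the setting it depends on. Suggest the code-formatted node name `EnableNetworkProtection` instead; this applies equally to the RDP, SSH and TLS hunks below it.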
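Review bot: the `EnableNetworkProtection/DisableSshParsing` line in the `@@ -383,7 +383,7 @@` hunk of defender-csp.md (16/16) is still split into a sentence plus a fragment: "...known malicious hosts. If Enable Network Protection is set to be enabled, and to provide metadata to behavior monitoring." Since the line is being edited anyway, join it the way the RDP description does ("...block connections from known malicious hosts if ... is set to be enabled, and to provide metadata to behavior monitoring"), so the condition under which SSH connections are blocked is stated clearly.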
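Review bot: the `EnableNetworkProtection/DisableTlsParsing` line in the `@@ -393,7 +393,7 @@` hunk of defender-csp.md (16/16) still ends with "HTTP inspection can be disabled by setting this value to "$true"", copied from the HTTP node. For this node it should read "TLS inspection can be disabled...", otherwise an administrator cannot tell which inspection the value turns off.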
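Review bot: the `@@ -60,7 +60,7 @@` hunk of uefi-csp.md (16/16) changes the root node to `./Vendor/MSFT/UEFI`, but the hunk header shows the tree diagram above it still rooted at `Uefi`. The path and the tree should use the same casing, since readers copy this string into OMA-URI settings; either revert to `./Vendor/MSFT/Uefi` or update the tree in the same commit, and say which spelling the CSP actually registers.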
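Review bot: in the `@@ -62,10 +61,9 @@` hunk of w7-application-csp.md (16/16), the blank line between "Both APPSRV and CLIENT credentials must be provided in provisioning XML." and `**APPADDR**` is removed, so the node heading will be folded into the preceding paragraph when rendered. Keep the blank line before `**APPADDR**`.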
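Review bot: the two AAUTHTYPE bullets in the `@@ -109,9 +107,9 @@` hunk of w7-application-csp.md (16/16) gain code formatting but keep the broken sentence "specifies that the SyncML DM `syncml:auth-basic` authentication type.", which has no verb after "that". Suggest "specifies the SyncML DM `syncml:auth-basic` authentication type" and the same for `syncml:auth-md5`.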