From 7fdc32eddcb7a53ba02eab20d9bdb1fe6789bdc9 Mon Sep 17 00:00:00 2001
From: msft-bob <82617611+msft-bob@users.noreply.github.com>
Date: Thu, 15 Apr 2021 15:59:36 -0700
Subject: [PATCH 1/5] Update policy-csp-authentication.md
Update to add description of new ConfigureWebSignInAllowedUrls policy.
---
.../mdm/policy-csp-authentication.md | 65 +++++++++++++++++++
1 file changed, 65 insertions(+)
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 51f56ffbbb..0edf2ca1ef 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -37,6 +37,9 @@ manager: dansimp
Authentication/AllowSecondaryAuthenticationDevice
+
+ Authentication/ConfigureWebSignInAllowedUrls
+
Authentication/EnableFastFirstSignIn
@@ -359,6 +362,68 @@ The following list shows the supported values:
+
+**Authentication/ConfigureWebSignInAllowedUrls**
+
+
+
+
+ | Windows Edition |
+ Supported? |
+
+
+ | Home |
+  |
+
+
+ | Pro |
+  4 |
+
+
+ | Business |
+ 4 |
+
+
+ | Enterprise |
+ 4 |
+
+
+ | Education |
+ 4 |
+
+
+
+
+
+
+
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+
+
+
+
+Available in Windows 10, version 1803. Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a 3rd party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
+
+Example: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
**Authentication/EnableFastFirstSignIn**
From 9855b3cba4ed0599596f0d5fbb20fa70e685658c Mon Sep 17 00:00:00 2001
From: msft-bob <82617611+msft-bob@users.noreply.github.com>
Date: Thu, 15 Apr 2021 20:14:12 -0700
Subject: [PATCH 2/5] Update
windows/client-management/mdm/policy-csp-authentication.md
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
windows/client-management/mdm/policy-csp-authentication.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 0edf2ca1ef..7258bc578c 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -38,7 +38,7 @@ manager: dansimp
Authentication/AllowSecondaryAuthenticationDevice
- Authentication/ConfigureWebSignInAllowedUrls
+ Authentication/ConfigureWebSignInAllowedUrls
Authentication/EnableFastFirstSignIn
@@ -644,4 +644,3 @@ Footnotes:
- 8 - Available in Windows 10, version 2004.
-
From 1e293badaf86059d41df1a93e8867bb1e782cbb9 Mon Sep 17 00:00:00 2001
From: msft-bob <82617611+msft-bob@users.noreply.github.com>
Date: Thu, 15 Apr 2021 20:19:02 -0700
Subject: [PATCH 3/5] Apply suggestions from code review
Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
---
windows/client-management/mdm/policy-csp-authentication.md | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 7258bc578c..74167fec97 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -406,9 +406,9 @@ The following list shows the supported values:
-Available in Windows 10, version 1803. Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a 3rd party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
+Available in Windows 10, version 1803. Specifies the list of domains that are allowed to be navigated to in AAD PIN reset and Web Sign-in Windows device scenarios where authentication is handled by AD FS or a third-party federated identity provider. Note this policy is required in federated environments as a mitigation to the vulnerability described in [CVE-2021-27092](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-27092).
-Example: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
+**Example**: If your organization's PIN reset or Web Sign-in authentication flow is expected to navigate to two domains, accounts.contoso.com and signin.contoso.com, the policy value should be "accounts.contoso.com;signin.contoso.com".
From ff35811720f3f6ccfc4b2a2ffae31723e7a835da Mon Sep 17 00:00:00 2001
From: msft-bob <82617611+msft-bob@users.noreply.github.com>
Date: Sat, 17 Apr 2021 21:53:28 -0700
Subject: [PATCH 4/5] Revert extra space in policy jump link
---
windows/client-management/mdm/policy-csp-authentication.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 74167fec97..3137c8b270 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -38,7 +38,7 @@ manager: dansimp
Authentication/AllowSecondaryAuthenticationDevice
- Authentication/ConfigureWebSignInAllowedUrls
+ Authentication/ConfigureWebSignInAllowedUrls
Authentication/EnableFastFirstSignIn
From 5e0f81f7b2ee8da2e12530612beb40ef5de23dfa Mon Sep 17 00:00:00 2001
From: Denise Vangel-MSFT
Date: Mon, 19 Apr 2021 07:39:06 -0700
Subject: [PATCH 5/5] Update policy-csp-authentication.md
---
windows/client-management/mdm/policy-csp-authentication.md | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index 3137c8b270..d62b5b232d 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -7,8 +7,7 @@ ms.prod: w10
ms.technology: windows
author: manikadhiman
ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer:
+ms.reviewer: bobgil
manager: dansimp
---