diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json index 8d507ba71a..81696cd310 100644 --- a/.openpublishing.redirection.json +++ b/.openpublishing.redirection.json @@ -79,6 +79,11 @@ "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md", "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations", "redirect_document_id": true + }, + { + "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md", + "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy", + "redirect_document_id": true }, { "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md", @@ -14565,41 +14570,86 @@ "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-surface-hub", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-surface-hub.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-core", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-core.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens2", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens2.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-admx-backed.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-admx-backed.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-admx-backed", + "redirect_document_id": false + }, { "source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md", "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-group-policy", "redirect_document_id": false }, + { + "source_path": "windows/client-management/mdm/policy-csps-supported-by-group-policy.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy", + "redirect_document_id": false + }, + { + "source_path": "windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md", + "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas", + "redirect_document_id": false + }, { "source_path": "windows/keep-secure/collect-wip-audit-event-logs.md", "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs", diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md index 9d150d9583..31da1afc51 100644 --- a/windows/application-management/apps-in-windows-10.md +++ b/windows/application-management/apps-in-windows-10.md @@ -39,53 +39,53 @@ You can list all provisioned Windows apps with this PowerShell command: Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName ``` -Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, and 1909. +Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004. -| Package name | App name | 1803 | 1809 | 1903 | 1909 | Uninstall through UI? | -|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:| -| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | Yes | -| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | Via Settings App | -| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | Yes | -| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | | -| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | No | -| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.VP9VideoExtensions | | | x | x | x | No | -| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | No | -| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | No | -| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | No | -| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | No | -| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | No | +| Package name | App name | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? | +|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:----:|:---------------------:| +| Microsoft.3DBuilder | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe) | | | | | | Yes | +| Microsoft.BingWeather | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.DesktopAppInstaller | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe) | x | x | x | x | x | Via Settings App | +| Microsoft.GetHelp | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Getstarted | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.HEIFImageExtension | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.Messaging | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Microsoft3DViewer | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.MicrosoftOfficeHub | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.MicrosoftSolitaireCollection | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.MicrosoftStickyNotes | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.MixedReality.Portal | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.MSPaint | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Office.OneNote | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe) | x | x | x | x | x | Yes | +| Microsoft.OneConnect | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Outlook.DesktopIntegrationServices | | | | | x | x | | +| Microsoft.People | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Print3D | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.ScreenSketch | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.SkypeApp | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c) | x | x | x | x | x | No | +| Microsoft.StorePurchaseApp | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.VP9VideoExtensions | | | x | x | x | x | No | +| Microsoft.Wallet | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WebMediaExtensions | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WebpImageExtension | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.Windows.Photos | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsAlarms | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsCalculator | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsCamera | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe) | x | x | x | x | x | No | +| microsoft.windowscommunicationsapps | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsFeedbackHub | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsMaps | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsSoundRecorder | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.WindowsStore | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.Xbox.TCUI | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxApp | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxGameOverlay | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxGamingOverlay | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxIdentityProvider | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.XboxSpeechToTextOverlay | | x | x | x | x | x | No | +| Microsoft.YourPhone | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe) | | x | x | x | x | No | +| Microsoft.ZuneMusic | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe) | x | x | x | x | x | No | +| Microsoft.ZuneVideo | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe) | x | x | x | x | x | No | >[!NOTE] >The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it. diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index bc6f44d66e..f25c37dce5 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -22,13 +22,10 @@ ms.topic: article - Windows 10 -From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). +From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics). ![Remote Desktop Connection client](images/rdp.png) -> [!TIP] -> Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics) - ## Set up - Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported. @@ -37,36 +34,39 @@ From its release, Windows 10 has supported remote connections to PCs joined to A Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC. - On the PC you want to connect to: + 1. Open system properties for the remote PC. + 2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**. - ![Allow remote connections to this computer](images/allow-rdp.png) + ![Allow remote connections to this computer](images/allow-rdp.png) - 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**. + 3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Click **Select Users -> Add** and enter the name of the user or group. - > [!NOTE] - > You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet: - > ```PowerShell - > net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user" - > ``` - > where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD. - > - > This command only works for AADJ device users already added to any of the local groups (administrators). - > Otherwise this command throws the below error. For example: - > - for cloud only user: "There is no such global user or group : *name*" - > - for synced user: "There is no such global user or group : *name*"
- > - > In Windows 10, version 1709, the user does not have to sign in to the remote device first. - > - > In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices. + > [!NOTE] + > You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet: + > ```powershell + > net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user" + > ``` + > where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD. + > + > This command only works for AADJ device users already added to any of the local groups (administrators). + > Otherwise this command throws the below error. For example: + > - for cloud only user: "There is no such global user or group : *name*" + > - for synced user: "There is no such global user or group : *name*"
+ + > [!NOTE] + > In Windows 10, version 1709, the user does not have to sign in to the remote device first. + > + > In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices. + + 4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC. - 4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC. + > [!TIP] + > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant. - > [!TIP] - > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant. - -> [!Note] -> If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e). + > [!Note] + > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e). ## Supported configurations diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index a7fbff363b..8ff993ef33 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -1,5 +1,6 @@ # [Mobile device management](index.md) ## [What's new in MDM enrollment and management](new-in-windows-mdm-enrollment-management.md) +### [Change history for MDM documentation](change-history-for-mdm-documentation.md) ## [Mobile device enrollment](mobile-device-enrollment.md) ### [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md) #### [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md) @@ -159,14 +160,14 @@ #### [Personalization DDF file](personalization-ddf.md) ### [Policy CSP](policy-configuration-service-provider.md) #### [Policy DDF file](policy-ddf-file.md) -#### [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md) -#### [ADMX-backed policy CSPs](policy-csps-admx-backed.md) -#### [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md) -#### [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md) -#### [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md) -#### [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md) -#### [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md) -#### [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md) +#### [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md) +#### [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md) +#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md) +#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md) +#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md) +#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md) +#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md) +#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md) #### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md) #### [AboveLock](policy-csp-abovelock.md) #### [Accounts](policy-csp-accounts.md) @@ -208,6 +209,19 @@ #### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md) #### [ADMX_Sharing](policy-csp-admx-sharing.md) #### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md) +#### [ADMX_Smartcard](policy-csp-admx-smartcard.md) +#### [ADMX_Snmp](policy-csp-admx-snmp.md) +#### [ADMX_tcpip](policy-csp-admx-tcpip.md) +#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) +#### [ADMX_TPM](policy-csp-admx-tpm.md) +#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md) +#### [ADMX_W32Time](policy-csp-admx-w32time.md) +#### [ADMX_WinCal](policy-csp-admx-wincal.md) +#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) +#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md) +#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md) +#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md) +#### [ADMX_WinInit](policy-csp-admx-wininit.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) @@ -254,9 +268,11 @@ #### [LanmanWorkstation](policy-csp-lanmanworkstation.md) #### [Licensing](policy-csp-licensing.md) #### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md) +#### [LocalUsersAndGroups](policy-csp-localusersandgroups.md) #### [LockDown](policy-csp-lockdown.md) #### [Maps](policy-csp-maps.md) #### [Messaging](policy-csp-messaging.md) +#### [MixedReality](policy-csp-mixedreality.md) #### [MSSecurityGuide](policy-csp-mssecurityguide.md) #### [MSSLegacy](policy-csp-msslegacy.md) #### [NetworkIsolation](policy-csp-networkisolation.md) @@ -293,6 +309,7 @@ #### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md) #### [WindowsLogon](policy-csp-windowslogon.md) #### [WindowsPowerShell](policy-csp-windowspowershell.md) +#### [WindowsSandbox](policy-csp-windowssandbox.md) #### [WirelessDisplay](policy-csp-wirelessdisplay.md) ### [PolicyManager CSP](policymanager-csp.md) ### [Provisioning CSP](provisioning-csp.md) diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md index 8e84d077d5..b511fd100f 100644 --- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md @@ -165,7 +165,10 @@ The following image illustrates how MDM applications will show up in the Azure a ### Add cloud-based MDM to the app gallery -You should work with the Azure AD engineering team if your MDM application is cloud-based. The following table shows the required information to create an entry in the Azure AD app gallery. +> [!NOTE] +> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application + +The following table shows the required information to create an entry in the Azure AD app gallery. diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md new file mode 100644 index 0000000000..698c4fa9b7 --- /dev/null +++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md @@ -0,0 +1,1078 @@ +--- +title: Change history for MDM documentation +description: This article lists new and updated articles for Mobile Device Management. +ms.reviewer: +manager: dansimp +ms.author: dansimp +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.localizationpriority: medium +ms.date: 10/19/2020 +--- + +# Change history for Mobile Device Management documentation + +This article lists new and updated articles for the Mobile Device Management (MDM) documentation. Updated articles are those that had content addition, removal, or corrections—minor fixes, such as correction of typos, style, or formatting issues are not listed. + +## October 2020 + +|New or updated article | Description| +|--- | ---| +| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
- [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
- [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
- [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
- [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
- [WindowsSandbox/AllowAudioInput](policy-csp-windowssandbox.md#windowssandbox-allowaudioinput)
- [WindowsSandbox/AllowClipboardRedirection](policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection)
- [WindowsSandbox/AllowNetworking](policy-csp-windowssandbox.md#windowssandbox-allownetworking)
- [WindowsSandbox/AllowPrinterRedirection](policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection)
- [WindowsSandbox/AllowVGPU](policy-csp-windowssandbox.md#windowssandbox-allowvgpu)
- [WindowsSandbox/AllowVideoInput](policy-csp-windowssandbox.md#windowssandbox-allowvideoinput) | + +## September 2020 + +|New or updated article | Description| +|--- | ---| +|[NetworkQoSPolicy CSP](networkqospolicy-csp.md)|Updated support information of the NetworkQoSPolicy CSP.| +|[Policy CSP - LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)|Removed the following unsupported LocalPoliciesSecurityOptions policy settings from the documentation:
- RecoveryConsole_AllowAutomaticAdministrativeLogon
- DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways
- DomainMember_DigitallyEncryptSecureChannelDataWhenPossible
- DomainMember_DisableMachineAccountPasswordChanges
- SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems
| + +## August 2020 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - System](policy-csp-system.md)|Removed the following policy settings:
- System/AllowDesktopAnalyticsProcessing
- System/AllowMicrosoftManagedDesktopProcessing
- System/AllowUpdateComplianceProcessing
- System/AllowWUfBCloudProcessing
| + +## July 2020 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - System](policy-csp-system.md)|Added the following new policy settings:
- System/AllowDesktopAnalyticsProcessing
- System/AllowMicrosoftManagedDesktopProcessing
- System/AllowUpdateComplianceProcessing
- System/AllowWUfBCloudProcessing


Updated the following policy setting:
- System/AllowCommercialDataPipeline
| + +## June 2020 + +|New or updated article | Description| +|--- | ---| +|[BitLocker CSP](bitlocker-csp.md)|Added SKU support table for **AllowStandardUserEncryption**.| +|[Policy CSP - NetworkIsolation](policy-csp-networkisolation.md)|Updated the description from Boolean to Integer for the following policy settings:
EnterpriseIPRangesAreAuthoritative, EnterpriseProxyServersAreAuthoritative.| + +## May 2020 + +|New or updated article | Description| +|--- | ---| +|[BitLocker CSP](bitlocker-csp.md)|Added the bitmask table for the Status/DeviceEncryptionStatus node.| +|[Policy CSP - RestrictedGroups](policy-csp-restrictedgroups.md)| Updated the topic with additional details. Added policy timeline table. + +## February 2020 + +|New or updated article | Description| +|--- | ---| +|[CertificateStore CSP](certificatestore-csp.md)
[ClientCertificateInstall CSP](clientcertificateinstall-csp.md)|Added details about SubjectName value.| + +## January 2020 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - Defender](policy-csp-defender.md)|Added descriptions for supported actions for Defender/ThreatSeverityDefaultAction.| + +## November 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - DeliveryOptimization](policy-csp-deliveryoptimization.md)|Added option 5 in the supported values list for DeliveryOptimization/DOGroupIdSource.| +|[DiagnosticLog CSP](diagnosticlog-csp.md)|Added substantial updates to this CSP doc.| + +## October 2019 + +|New or updated article | Description| +|--- | ---| +|[BitLocker CSP](bitlocker-csp.md)|Added the following new nodes:
ConfigureRecoveryPasswordRotation, RotateRecoveryPasswords, RotateRecoveryPasswordsStatus, RotateRecoveryPasswordsRequestID.| +|[Defender CSP](defender-csp.md)|Added the following new nodes:
Health/TamperProtectionEnabled, Health/IsVirtualMachine, Configuration, Configuration/TamperProtection, Configuration/EnableFileHashComputation.| + +## September 2019 + +|New or updated article | Description| +|--- | ---| +|[EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)|Added the following new node:
IsStub.| +|[Policy CSP - Defender](policy-csp-defender.md)|Updated the supported value list for Defender/ScheduleScanDay policy.| +|[Policy CSP - DeviceInstallation](policy-csp-deviceinstallation.md)|Added the following new policies:
DeviceInstallation/AllowInstallationOfMatchingDeviceInstanceIDs, DeviceInstallation/PreventInstallationOfMatchingDeviceInstanceIDs.| + +## August 2019 + +|New or updated article | Description| +|--- | ---| +|[DiagnosticLog CSP](diagnosticlog-csp.md)
[DiagnosticLog DDF](diagnosticlog-ddf.md)|Added version 1.4 of the CSP in Windows 10, version 1903. Added the new 1.4 version of the DDF. Added the following new nodes:
Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.| +|[Enroll a Windows 10 device automatically using Group Policy](enroll-a-windows-10-device-automatically-using-group-policy.md)|Enhanced the article to include additional reference links and the following two topics:
Verify auto-enrollment requirements and settings, Troubleshoot auto-enrollment of devices.| + +## July 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP](policy-configuration-service-provider.md)|Added the following list:
Policies supported by HoloLens 2| +|[ApplicationControl CSP](applicationcontrol-csp.md)|Added new CSP in Windows 10, version 1903.| +|[PassportForWork CSP](passportforwork-csp.md)|Added the following new nodes in Windows 10, version 1903:
SecurityKey, SecurityKey/UseSecurityKeyForSignin| +|[Policy CSP - Privacy](policy-csp-privacy.md)|Added the following new policies:
LetAppsActivateWithVoice, LetAppsActivateWithVoiceAboveLock| +|Create a custom configuration service provider|Deleted the following documents from the CSP reference because extensibility via CSPs is not currently supported:
Create a custom configuration service provider
Design a custom configuration service provider
IConfigServiceProvider2
IConfigServiceProvider2::ConfigManagerNotification
IConfigServiceProvider2::GetNode
ICSPNode
ICSPNode::Add
ICSPNode::Clear
ICSPNode::Copy
ICSPNode::DeleteChild
ICSPNode::DeleteProperty
ICSPNode::Execute
ICSPNode::GetChildNodeNames
ICSPNode::GetProperty
ICSPNode::GetPropertyIdentifiers
ICSPNode::GetValue
ICSPNode::Move
ICSPNode::SetProperty
ICSPNode::SetValue
ICSPNodeTransactioning
ICSPValidate
Samples for writing a custom configuration service provider.| + +## June 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - DeviceHealthMonitoring](policy-csp-devicehealthmonitoring.md)|Added the following new policies:
AllowDeviceHealthMonitoring, ConfigDeviceHealthMonitoringScope, ConfigDeviceHealthMonitoringUploadDestination.| +|[Policy CSP - TimeLanguageSettings](policy-csp-timelanguagesettings.md)|Added the following new policy:
ConfigureTimeZone.| + +## May 2019 + +|New or updated article | Description| +|--- | ---| +|[DeviceStatus CSP](devicestatus-csp.md)|Updated description of the following nodes:
DeviceStatus/Antivirus/SignatureStatus, DeviceStatus/Antispyware/SignatureStatus.| +|[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)|Added new CSP in Windows 10, version 1903.| +|[Policy CSP - DeliveryOptimization](policy-csp-deliveryoptimization.md)|Added the following new policies:
DODelayCacheServerFallbackBackground, DODelayCacheServerFallbackForeground.

Updated description of the following policies:
DOMinRAMAllowedToPeer, DOMinFileSizeToCache, DOMinDiskSizeAllowedToPeer.| +|[Policy CSP - Experience](policy-csp-experience.md)|Added the following new policy:
ShowLockOnUserTile.| +|[Policy CSP - InternetExplorer](policy-csp-internetexplorer.md)|Added the following new policies:
AllowEnhancedSuggestionsInAddressBar, DisableActiveXVersionListAutoDownload, DisableCompatView, DisableFeedsBackgroundSync, DisableGeolocation, DisableWebAddressAutoComplete, NewTabDefaultPage.| +|[Policy CSP - Power](policy-csp-power.md)|Added the following new policies:
EnergySaverBatteryThresholdOnBattery, EnergySaverBatteryThresholdPluggedIn, SelectLidCloseActionOnBattery, SelectLidCloseActionPluggedIn, SelectPowerButtonActionOnBattery, SelectPowerButtonActionPluggedIn, SelectSleepButtonActionOnBattery, SelectSleepButtonActionPluggedIn, TurnOffHybridSleepOnBattery, TurnOffHybridSleepPluggedIn, UnattendedSleepTimeoutOnBattery, UnattendedSleepTimeoutPluggedIn.| +|[Policy CSP - Search](policy-csp-search.md)|Added the following new policy:
AllowFindMyFiles.| +|[Policy CSP - ServiceControlManager](policy-csp-servicecontrolmanager.md)|Added the following new policy:
SvchostProcessMitigation.| +|[Policy CSP - System](policy-csp-system.md)|Added the following new policies:
AllowCommercialDataPipeline, TurnOffFileHistory.| +|[Policy CSP - Troubleshooting](policy-csp-troubleshooting.md)|Added the following new policy:
AllowRecommendations.| +|[Policy CSP - Update](policy-csp-update.md)|Added the following new policies:
AutomaticMaintenanceWakeUp, ConfigureDeadlineForFeatureUpdates, ConfigureDeadlineForQualityUpdates, ConfigureDeadlineGracePeriod, ConfigureDeadlineNoAutoReboot.| +|[Policy CSP - WindowsLogon](policy-csp-windowslogon.md)|Added the following new policies:
AllowAutomaticRestartSignOn, ConfigAutomaticRestartSignOn, EnableFirstLogonAnimation.

Removed the following policy:
SignInLastInteractiveUserAutomaticallyAfterASystemInitiatedRestart. This policy is replaced by AllowAutomaticRestartSignOn.| + +## April 2019 + +| New or updated article | Description | +|-------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [Win32 and Desktop Bridge app policy configuration](win32-and-centennial-app-policy-configuration.md) | Added the following warning at the end of the Overview section:
Some operating system components have built in functionality to check devices for domain membership. MDM enforces the configured policy values only if the devices are domain joined, otherwise it does not. However, you can still import ADMX files and set ADMX-backed policies regardless of whether the device is domain joined or non-domain joined. | +| [Policy CSP - UserRights](policy-csp-userrights.md) | Added a note stating if you use Intune custom profiles to assign UserRights policies, you must use the CDATA tag () to wrap the data fields. | + +## March 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - Storage](policy-csp-storage.md)|Updated ADMX Info of the following policies:
AllowStorageSenseGlobal, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseCloudContentDehydrationThreshold, ConfigStorageSenseDownloadsCleanupThreshold, ConfigStorageSenseGlobalCadence, ConfigStorageSenseRecycleBinCleanupThreshold.

Updated description of ConfigStorageSenseDownloadsCleanupThreshold.| + +## February 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP](policy-configuration-service-provider.md)|Updated supported policies for Holographic.| + +## January 2019 + +|New or updated article | Description| +|--- | ---| +|[Policy CSP - Storage](policy-csp-storage.md)|Added the following new policies: AllowStorageSenseGlobal, ConfigStorageSenseGlobalCadence, AllowStorageSenseTemporaryFilesCleanup, ConfigStorageSenseRecycleBinCleanupThreshold, ConfigStorageSenseDownloadsCleanupThreshold, and ConfigStorageSenseCloudContentCleanupThreshold.| +|[SharedPC CSP](sharedpc-csp.md)|Updated values and supported operations.| +|[Mobile device management](index.md)|Updated information about MDM Security Baseline.| + +## December 2018 + +|New or updated article | Description| +|--- | ---| +|[BitLocker CSP](bitlocker-csp.md)|Updated AllowWarningForOtherDiskEncryption policy description to describe silent and non-silent encryption scenarios, as well as where and how the recovery key is backed up for each scenario.| + +## September 2018 + +|New or updated article | Description| +|--- | ---| +|[Mobile device management](index.md#mmat) | Added information about the MDM Migration Analysis Tool (MMAT).| +|[Policy CSP - DeviceGuard](policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.| + +## August 2018 + +
++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
New or updated articleDescription
BitLocker CSP

Added support for Windows 10 Pro starting in the version 1809.

+
Office CSP

Added FinalStatus setting in Windows 10, version 1809.

+
RemoteWipe CSP

Added new settings in Windows 10, version 1809.

+
TenantLockdown CSP

Added new CSP in Windows 10, version 1809.

+
WindowsDefenderApplicationGuard CSP

Added new settings in Windows 10, version 1809.

+
Policy DDF file

Posted an updated version of the Policy DDF for Windows 10, version 1809.

+
Policy CSP

Added the following new policies in Windows 10, version 1809:

+
    +
  • Browser/AllowFullScreenMode
    • +
  • Browser/AllowPrelaunch
    • +
  • Browser/AllowPrinting
    • +
  • Browser/AllowSavingHistory
    • +
  • Browser/AllowSideloadingOfExtensions
    • +
  • Browser/AllowTabPreloading
    • +
  • Browser/AllowWebContentOnNewTabPage
    • +
  • Browser/ConfigureFavoritesBar
    • +
  • Browser/ConfigureHomeButton
    • +
  • Browser/ConfigureKioskMode
    • +
  • Browser/ConfigureKioskResetAfterIdleTimeout
    • +
  • Browser/ConfigureOpenMicrosoftEdgeWith
    • +
  • Browser/ConfigureTelemetryForMicrosoft365Analytics
    • +
  • Browser/PreventCertErrorOverrides
    • +
  • Browser/SetHomeButtonURL
    • +
  • Browser/SetNewTabPageURL
    • +
  • Browser/UnlockHomeButton
    • +
  • Experience/DoNotSyncBrowserSettings
    • +
  • Experience/PreventUsersFromTurningOnBrowserSyncing
    • +
  • Kerberos/UPNNameHints
    • +
  • Privacy/AllowCrossDeviceClipboard
    • +
  • Privacy/DisablePrivacyExperience
    • +
  • Privacy/UploadUserActivities
    • +
  • System/AllowDeviceNameInDiagnosticData
    • +
  • System/ConfigureMicrosoft365UploadEndpoint
    • +
  • System/DisableDeviceDelete
    • +
  • System/DisableDiagnosticDataViewer
    • +
  • Storage/RemovableDiskDenyWriteAccess
    • +
  • Update/UpdateNotificationLevel
    • +
+

Start/DisableContextMenus - added in Windows 10, version 1803.

+

RestrictedGroups/ConfigureGroupMembership - added new schema to apply and retrieve the policy.

+
+ +## July 2018 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
New or updated articleDescription
AssignedAccess CSP

Added the following note:

+
    +
  • You can only assign one single app kiosk profile to an individual user account on a device. The single app profile does not support domain groups.
    • +
+
PassportForWork CSP

Added new settings in Windows 10, version 1809.

+
EnterpriseModernAppManagement CSP

Added NonRemovable setting under AppManagement node in Windows 10, version 1809.

+
Win32CompatibilityAppraiser CSP

Added new configuration service provider in Windows 10, version 1809.

+
WindowsLicensing CSP

Added S mode settings and SyncML examples in Windows 10, version 1809.

+
SUPL CSP

Added 3 new certificate nodes in Windows 10, version 1809.

+
Defender CSP

Added a new node Health/ProductStatus in Windows 10, version 1809.

+
BitLocker CSP

Added a new node AllowStandardUserEncryption in Windows 10, version 1809.

+
DevDetail CSP

Added a new node SMBIOSSerialNumber in Windows 10, version 1809.

+
Policy CSP

Added the following new policies in Windows 10, version 1809:

+
    +
  • ApplicationManagement/LaunchAppAfterLogOn
    • +
  • ApplicationManagement/ScheduleForceRestartForUpdateFailures
    • +
  • Authentication/EnableFastFirstSignIn (Preview mode only)
    • +
  • Authentication/EnableWebSignIn (Preview mode only)
    • +
  • Authentication/PreferredAadTenantDomainName
    • +
  • Defender/CheckForSignaturesBeforeRunningScan
    • +
  • Defender/DisableCatchupFullScan
    • +
  • Defender/DisableCatchupQuickScan
    • +
  • Defender/EnableLowCPUPriority
    • +
  • Defender/SignatureUpdateFallbackOrder
    • +
  • Defender/SignatureUpdateFileSharesSources
    • +
  • DeviceGuard/ConfigureSystemGuardLaunch
    • +
  • DeviceInstallation/AllowInstallationOfMatchingDeviceIDs
    • +
  • DeviceInstallation/AllowInstallationOfMatchingDeviceSetupClasses
    • +
  • DeviceInstallation/PreventDeviceMetadataFromNetwork
    • +
  • DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
    • +
  • DmaGuard/DeviceEnumerationPolicy
    • +
  • Experience/AllowClipboardHistory
    • +
  • Security/RecoveryEnvironmentAuthentication
    • +
  • TaskManager/AllowEndTask
    • +
  • WindowsDefenderSecurityCenter/DisableClearTpmButton
    • +
  • WindowsDefenderSecurityCenter/DisableTpmFirmwareUpdateWarning
    • +
  • WindowsDefenderSecurityCenter/HideWindowsSecurityNotificationAreaControl
    • +
  • WindowsLogon/DontDisplayNetworkSelectionUI
    • +
+

Recent changes:

+
    +
  • DataUsage/SetCost3G - deprecated in Windows 10, version 1809.
    • +
+
+ +## June 2018 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + +
New or updated articleDescription
Wifi CSP

Added a new node WifiCost in Windows 10, version 1809.

+
Diagnose MDM failures in Windows 10

Recent changes:

+
    +
  • Added procedure for collecting logs remotely from Windows 10 Holographic.
    • +
  • Added procedure for downloading the MDM Diagnostic Information log.
    • +
+
Bitlocker CSP

Added new node AllowStandardUserEncryption in Windows 10, version 1809.

+
Policy CSP

Recent changes:

+
    +
  • AccountPoliciesAccountLockoutPolicy/AccountLockoutDuration - removed from docs. Not supported.
    • +
  • AccountPoliciesAccountLockoutPolicy/AccountLockoutThreshold - removed from docs. Not supported.
    • +
  • AccountPoliciesAccountLockoutPolicy/ResetAccountLockoutCounterAfter - removed from docs. Not supported.
    • +
  • LocalPoliciesSecurityOptions/NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers - removed from docs. Not supported.
    • +
  • System/AllowFontProviders is not supported in HoloLens (1st gen) Commercial Suite.
    • +
  • Security/RequireDeviceEncryption is supported in the Home SKU.
    • +
  • Start/StartLayout - added a table of SKU support information.
    • +
  • Start/ImportEdgeAssets - added a table of SKU support information.
    • +
+

Added the following new policies in Windows 10, version 1809:

+
    +
  • Update/EngagedRestartDeadlineForFeatureUpdates
    • +
  • Update/EngagedRestartSnoozeScheduleForFeatureUpdates
    • +
  • Update/EngagedRestartTransitionScheduleForFeatureUpdates
    • +
  • Update/SetDisablePauseUXAccess
    • +
  • Update/SetDisableUXWUAccess
    • +
+
WiredNetwork CSPNew CSP added in Windows 10, version 1809. +
+ +## May 2018 + + ++++ + + + + + + + + + + + +
New or updated articleDescription
Policy DDF file

Updated the DDF files in the Windows 10 version 1703 and 1709.

+ +
+ +## April 2018 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +
New or updated articleDescription
WindowsDefenderApplicationGuard CSP

Added the following node in Windows 10, version 1803:

+
    +
  • Settings/AllowVirtualGPU
    • +
  • Settings/SaveFilesToHost
    • +
+
NetworkProxy CSP

Added the following node in Windows 10, version 1803:

+
    +
  • ProxySettingsPerUser
    • +
+
Accounts CSP

Added a new CSP in Windows 10, version 1803.

+
MDM Migration Analysis Tool (MMAT)

Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.

+
CSP DDF files download

Added the DDF download of Windows 10, version 1803 configuration service providers.

+
Policy CSP

Added the following new policies for Windows 10, version 1803:

+
    +
  • Bluetooth/AllowPromptedProximalConnections
    • +
  • KioskBrowser/EnableEndSessionButton
    • +
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication
    • +
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic
    • +
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic
    • +
  • LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers
    • +
+
+ +## March 2018 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
New or updated articleDescription
eUICCs CSP

Added the following node in Windows 10, version 1803:

+
    +
  • IsEnabled
    • +
+
DeviceStatus CSP

Added the following node in Windows 10, version 1803:

+
    +
  • OS/Mode
    • +
+
Understanding ADMX-backed policies

Added the following videos:

+ +
AccountManagement CSP

Added a new CSP in Windows 10, version 1803.

+
RootCATrustedCertificates CSP

Added the following node in Windows 10, version 1803:

+
    +
  • UntrustedCertificates
    • +
+
Policy CSP

Added the following new policies for Windows 10, version 1803:

+
    +
  • ApplicationDefaults/EnableAppUriHandlers
    • +
  • ApplicationManagement/MSIAllowUserControlOverInstall
    • +
  • ApplicationManagement/MSIAlwaysInstallWithElevatedPrivileges
    • +
  • Connectivity/AllowPhonePCLinking
    • +
  • Notifications/DisallowCloudNotification
    • +
  • Notifications/DisallowTileNotification
    • +
  • RestrictedGroups/ConfigureGroupMembership
    • +
+

The following existing policies were updated:

+
    +
  • Browser/AllowCookies - updated the supported values. There are 3 values - 0, 1, 2.
    • +
  • InternetExplorer/AllowSiteToZoneAssignmentList - updated the description and added an example SyncML
    • +
  • TextInput/AllowIMENetworkAccess - introduced new suggestion services in Japanese IME in addition to cloud suggestion.
    • +
+

Added a new section:

+ +
Policy CSP - Bluetooth

Added new section ServicesAllowedList usage guide.

+
MultiSIM CSP

Added SyncML examples and updated the settings descriptions.

+
RemoteWipe CSP

Reverted back to Windows 10, version 1709. Removed previous draft documentation for version 1803.

+
+ +## February 2018 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + +
New or updated articleDescription
Policy CSP

Added the following new policies for Windows 10, version 1803:

+
    +
  • Display/DisablePerProcessDpiForApps
    • +
  • Display/EnablePerProcessDpi
    • +
  • Display/EnablePerProcessDpiForApps
    • +
  • Experience/AllowWindowsSpotlightOnSettings
    • +
  • TextInput/ForceTouchKeyboardDockedState
    • +
  • TextInput/TouchKeyboardDictationButtonAvailability
    • +
  • TextInput/TouchKeyboardEmojiButtonAvailability
    • +
  • TextInput/TouchKeyboardFullModeAvailability
    • +
  • TextInput/TouchKeyboardHandwritingModeAvailability
    • +
  • TextInput/TouchKeyboardNarrowModeAvailability
    • +
  • TextInput/TouchKeyboardSplitModeAvailability
    • +
  • TextInput/TouchKeyboardWideModeAvailability
    • +
      +
VPNv2 ProfileXML XSD

Updated the XSD and Plug-in profile example for VPNv2 CSP.

+
AssignedAccess CSP

Added the following nodes in Windows 10, version 1803:

+
    +
  • Status
    • +
  • ShellLauncher
    • +
  • StatusConfiguration
    • +
+

Updated the AssigneAccessConfiguration schema. Starting in Windows 10, version 1803 AssignedAccess CSP is supported in HoloLens (1st gen) Commercial Suite. Added example for HoloLens (1st gen) Commercial Suite.

+
MultiSIM CSP

Added a new CSP in Windows 10, version 1803.

+
EnterpriseModernAppManagement CSP

Added the following node in Windows 10, version 1803:

+
    +
  • MaintainProcessorArchitectureOnUpdate
    • +
+
+ +## January 2018 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
New or updated articleDescription
Policy CSP

Added the following new policies for Windows 10, version 1803:

+
    +
  • Browser/AllowConfigurationUpdateForBooksLibrary
    • +
  • Browser/AlwaysEnableBooksLibrary
    • +
  • Browser/EnableExtendedBooksTelemetry
    • +
  • Browser/UseSharedFolderForBooks
    • +
  • DeliveryOptimization/DODelayBackgroundDownloadFromHttp
    • +
  • DeliveryOptimization/DODelayForegroundDownloadFromHttp
    • +
  • DeliveryOptimization/DOGroupIdSource
    • +
  • DeliveryOptimization/DOPercentageMaxBackDownloadBandwidth
    • +
  • DeliveryOptimization/DOPercentageMaxForeDownloadBandwidth
    • +
  • DeliveryOptimization/DORestrictPeerSelectionBy
    • +
  • DeliveryOptimization/DOSetHoursToLimitBackgroundDownloadBandwidth
    • +
  • DeliveryOptimization/DOSetHoursToLimitForegroundDownloadBandwidth
    • +
  • KioskBrowser/BlockedUrlExceptions
    • +
  • KioskBrowser/BlockedUrls
    • +
  • KioskBrowser/DefaultURL
    • +
  • KioskBrowser/EnableHomeButton
    • +
  • KioskBrowser/EnableNavigationButtons
    • +
  • KioskBrowser/RestartOnIdleTime
    • +
  • LocalPoliciesSecurityOptions/Devices_AllowUndockWithoutHavingToLogon
    • +
  • LocalPoliciesSecurityOptions/Devices_AllowedToFormatAndEjectRemovableMedia
    • +
  • LocalPoliciesSecurityOptions/Devices_PreventUsersFromInstallingPrinterDriversWhenConnectingToSharedPrinters
    • +
  • LocalPoliciesSecurityOptions/Devices_RestrictCDROMAccessToLocallyLoggedOnUserOnly
    • +
  • LocalPoliciesSecurityOptions/InteractiveLogon_SmartCardRemovalBehavior
    • +
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_DigitallySignCommunicationsIfServerAgrees
    • +
  • LocalPoliciesSecurityOptions/MicrosoftNetworkClient_SendUnencryptedPasswordToThirdPartySMBServers
    • +
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsAlways
    • +
  • LocalPoliciesSecurityOptions/MicrosoftNetworkServer_DigitallySignCommunicationsIfClientAgrees
    • +
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSAMAccounts
    • +
  • LocalPoliciesSecurityOptions/NetworkAccess_DoNotAllowAnonymousEnumerationOfSamAccountsAndShares
    • +
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictAnonymousAccessToNamedPipesAndShares
    • +
  • LocalPoliciesSecurityOptions/NetworkAccess_RestrictClientsAllowedToMakeRemoteCallsToSAM
    • +
  • LocalPoliciesSecurityOptions/NetworkSecurity_DoNotStoreLANManagerHashValueOnNextPasswordChange
    • +
  • LocalPoliciesSecurityOptions/NetworkSecurity_LANManagerAuthenticationLevel
    • +
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedClients
    • +
  • LocalPoliciesSecurityOptions/NetworkSecurity_MinimumSessionSecurityForNTLMSSPBasedServers
    • +
  • LocalPoliciesSecurityOptions/Shutdown_ClearVirtualMemoryPageFile
    • +
  • LocalPoliciesSecurityOptions/UserAccountControl_DetectApplicationInstallationsAndPromptForElevation
    • +
  • LocalPoliciesSecurityOptions/UserAccountControl_UseAdminApprovalMode
    • +
  • RestrictedGroups/ConfigureGroupMembership
    • +
  • Search/AllowCortanaInAAD
    • +
  • Search/DoNotUseWebResults
    • +
  • Security/ConfigureWindowsPasswords
    • +
  • System/FeedbackHubAlwaysSaveDiagnosticsLocally
    • +
  • SystemServices/ConfigureHomeGroupListenerServiceStartupMode
    • +
  • SystemServices/ConfigureHomeGroupProviderServiceStartupMode
    • +
  • SystemServices/ConfigureXboxAccessoryManagementServiceStartupMode
    • +
  • SystemServices/ConfigureXboxLiveAuthManagerServiceStartupMode
    • +
  • SystemServices/ConfigureXboxLiveGameSaveServiceStartupMode
    • +
  • SystemServices/ConfigureXboxLiveNetworkingServiceStartupMode
    • +
  • TaskScheduler/EnableXboxGameSaveTask
    • +
  • TextInput/EnableTouchKeyboardAutoInvokeInDesktopMode
    • +
  • Update/ConfigureFeatureUpdateUninstallPeriod
    • +
  • UserRights/AccessCredentialManagerAsTrustedCaller
    • +
  • UserRights/AccessFromNetwork
    • +
  • UserRights/ActAsPartOfTheOperatingSystem
    • +
  • UserRights/AllowLocalLogOn
    • +
  • UserRights/BackupFilesAndDirectories
    • +
  • UserRights/ChangeSystemTime
    • +
  • UserRights/CreateGlobalObjects
    • +
  • UserRights/CreatePageFile
    • +
  • UserRights/CreatePermanentSharedObjects
    • +
  • UserRights/CreateSymbolicLinks
    • +
  • UserRights/CreateToken
    • +
  • UserRights/DebugPrograms
    • +
  • UserRights/DenyAccessFromNetwork
    • +
  • UserRights/DenyLocalLogOn
    • +
  • UserRights/DenyRemoteDesktopServicesLogOn
    • +
  • UserRights/EnableDelegation
    • +
  • UserRights/GenerateSecurityAudits
    • +
  • UserRights/ImpersonateClient
    • +
  • UserRights/IncreaseSchedulingPriority
    • +
  • UserRights/LoadUnloadDeviceDrivers
    • +
  • UserRights/LockMemory
    • +
  • UserRights/ManageAuditingAndSecurityLog
    • +
  • UserRights/ManageVolume
    • +
  • UserRights/ModifyFirmwareEnvironment
    • +
  • UserRights/ModifyObjectLabel
    • +
  • UserRights/ProfileSingleProcess
    • +
  • UserRights/RemoteShutdown
    • +
  • UserRights/RestoreFilesAndDirectories
    • +
  • UserRights/TakeOwnership
    • +
  • WindowsDefenderSecurityCenter/DisableAccountProtectionUI
    • +
  • WindowsDefenderSecurityCenter/DisableDeviceSecurityUI
    • +
  • WindowsDefenderSecurityCenter/HideRansomwareDataRecovery
    • +
  • WindowsDefenderSecurityCenter/HideSecureBoot
    • +
  • WindowsDefenderSecurityCenter/HideTPMTroubleshooting
    • +
+

Added the following policies the were added in Windows 10, version 1709

+
    +
  • DeviceLock/MinimumPasswordAge
    • +
  • Settings/AllowOnlineTips
    • +
  • System/DisableEnterpriseAuthProxy
    • +
+

Security/RequireDeviceEncryption - updated to show it is supported in desktop.

+
BitLocker CSP

Updated the description for AllowWarningForOtherDiskEncryption to describe changes added in Windows 10, version 1803.

+
EnterpriseModernAppManagement CSP

Added new node MaintainProcessorArchitectureOnUpdate in Windows 10, next major update.

+
DMClient CSP

Added ./User/Vendor/MSFT/DMClient/Provider/[ProviderID]/FirstSyncStatus node. Also added the following nodes in Windows 10, version 1803:

+
    +
  • AADSendDeviceToken
    • +
  • BlockInStatusPage
    • +
  • AllowCollectLogsButton
    • +
  • CustomErrorText
    • +
  • SkipDeviceStatusPage
    • +
  • SkipUserStatusPage
    • +
+
Defender CSP

Added new node (OfflineScan) in Windows 10, version 1803.

+
UEFI CSP

Added a new CSP in Windows 10, version 1803.

+
Update CSP

Added the following nodes in Windows 10, version 1803:

+
    +
  • Rollback
    • +
  • Rollback/FeatureUpdate
    • +
  • Rollback/QualityUpdateStatus
    • +
  • Rollback/FeatureUpdateStatus
    • +
+
+ +## December 2017 + + ++++ + + + + + + + + + + + +
New or updated articleDescription
Configuration service provider reference

Added new section CSP DDF files download

+
+ +## November 2017 + + ++++ + + + + + + + + + + + +
New or updated articleDescription
Policy CSP

Added the following policies for Windows 10, version 1709:

+
    +
  • Authentication/AllowFidoDeviceSignon
    • +
  • Cellular/LetAppsAccessCellularData
    • +
  • Cellular/LetAppsAccessCellularData_ForceAllowTheseApps
    • +
  • Cellular/LetAppsAccessCellularData_ForceDenyTheseApps
    • +
  • Cellular/LetAppsAccessCellularData_UserInControlOfTheseApps
    • +
  • Start/HidePeopleBar
    • +
  • Storage/EnhancedStorageDevices
    • +
  • Update/ManagePreviewBuilds
    • +
  • WirelessDisplay/AllowMdnsAdvertisement
    • +
  • WirelessDisplay/AllowMdnsDiscovery
    • +
+

Added missing policies from previous releases:

+
    +
  • Connectivity/DisallowNetworkConnectivityActiveTest
    • +
  • Search/AllowWindowsIndexer
    • +
+
+ +## October 2017 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + +
New or updated articleDescription
Policy DDF file

Updated the DDF content for Windows 10 version 1709. Added a link to the download of Policy DDF for Windows 10, version 1709.

+
Policy CSP

Updated the following policies:

+
    +
  • Defender/ControlledFolderAccessAllowedApplications - string separator is |.
    • +
  • Defender/ControlledFolderAccessProtectedFolders - string separator is |.
    • +
+
eUICCs CSP

Added new CSP in Windows 10, version 1709.

+
AssignedAccess CSP

Added SyncML examples for the new Configuration node.

+
DMClient CSP

Added new nodes to the DMClient CSP in Windows 10, version 1709. Updated the CSP and DDF topics.

+
+ +## September 2017 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
New or updated articleDescription
Policy CSP

Added the following new policies for Windows 10, version 1709:

+
    +
  • Authentication/AllowAadPasswordReset
    • +
  • Handwriting/PanelDefaultModeDocked
    • +
  • Search/AllowCloudSearch
    • +
  • System/LimitEnhancedDiagnosticDataWindowsAnalytics
    • +
+

Added new settings to Update/BranchReadinessLevel policy in Windows 10 version 1709.

+
AssignedAccess CSP

Starting in Windows 10, version 1709, AssignedAccess CSP is also supported in Windows 10 Pro.

+
Microsoft Store for Business and Microsoft Store

Windows Store for Business name changed to Microsoft Store for Business. Windows Store name changed to Microsoft Store.

+
The [MS-MDE2]: Mobile Device Enrollment Protocol Version 2

The Windows 10 enrollment protocol was updated. The following elements were added to the RequestSecurityToken message:

+
    +
  • UXInitiated - boolean value that indicates whether the enrollment is user initiated from the Settings page.
    • +
  • ExternalMgmtAgentHint - a string the agent uses to give hints the enrollment server may need.
    • +
  • DomainName - fully qualified domain name if the device is domain-joined.
    • +
+

For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.

+
EnterpriseAPN CSP

Added a SyncML example.

+
VPNv2 CSP

Added RegisterDNS setting in Windows 10, version 1709.

+
Enroll a Windows 10 device automatically using Group Policy

Added new topic to introduce a new Group Policy for automatic MDM enrollment.

+
MDM enrollment of Windows-based devices

New features in the Settings app:

+
    +
  • User sees installation progress of critical policies during MDM enrollment.
    • +
  • User knows what policies, profiles, apps MDM has configured
    • +
  • IT helpdesk can get detailed MDM diagnostic information using client tools
    • +
+

For details, see Managing connections and Collecting diagnostic logs

+
+ +## August 2017 + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
New or updated articleDescription
Enable ADMX-backed policies in MDM

Added new step-by-step guide to enable ADMX-backed policies.

+
Mobile device enrollment

Added the following statement:

+
    +
  • Devices that are joined to an on-premises Active Directory can enroll into MDM via the Work access page in Settings. However, the enrollment can only target the user enrolled with user-specific policies. Device targeted policies will continue to impact all users of the device.
    • +
+
CM_CellularEntries CSP

Updated the description of the PuposeGroups node to add the GUID for applications. This node is required instead of optional.

+
EnterpriseDataProtection CSP

Updated the Settings/EDPEnforcementLevel values to the following:

+
    +
  • 0 (default) – Off / No protection (decrypts previously protected data).
    • +
  • 1 – Silent mode (encrypt and audit only).
    • +
  • 2 – Allow override mode (encrypt, prompt and allow overrides, and audit).
    • +
  • 3 – Hides overrides (encrypt, prompt but hide overrides, and audit).
    • +
+
AppLocker CSP

Added two new SyncML examples (to disable the calendar app and to block usage of the map app) in Allow list examples.

+
DeviceManageability CSP

Added the following settings in Windows 10, version 1709:

+
    +
  • Provider/ProviderID/ConfigInfo
    • +
  • Provider/ProviderID/EnrollmentInfo
    • +
+
Office CSP

Added the following setting in Windows 10, version 1709:

+
    +
  • Installation/CurrentStatus
    • +
+
BitLocker CSPAdded information to the ADMX-backed policies. Changed the minimum personal identification number (PIN) length to 4 digits in SystemDrivesRequireStartupAuthentication and SystemDrivesMinimumPINLength in Windows 10, version 1709. +
Firewall CSPUpdated the CSP and DDF topics. Here are the changes: +
    +
  • Removed the two settings - FirewallRules/FirewallRuleName/FriendlyName and FirewallRules/FirewallRuleName/IcmpTypesAndCodes.
    • +
  • Changed some data types from integer to bool.
    • +
  • Updated the list of supported operations for some settings.
    • +
  • Added default values.
    • +
+
Policy DDF fileAdded another Policy DDF file download for the 8C release of Windows 10, version 1607, which added the following policies: +
    +
  • Browser/AllowMicrosoftCompatibilityList
    • +
  • Update/DisableDualScan
    • +
  • Update/FillEmptyContentUrls
    • +
+
Policy CSP

Added the following new policies for Windows 10, version 1709:

+
    +
  • Browser/ProvisionFavorites
    • +
  • Browser/LockdownFavorites
    • +
  • ExploitGuard/ExploitProtectionSettings
    • +
  • Games/AllowAdvancedGamingServices
    • +
  • LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts
    • +
  • LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly
    • +
  • LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount
    • +
  • LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount
    • +
  • LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked
    • +
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayLastSignedIn
    • +
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotDisplayUsernameAtSignIn
    • +
  • LocalPoliciesSecurityOptions/Interactivelogon_DoNotRequireCTRLALTDEL
    • +
  • LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit
    • +
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn
    • +
  • LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn
    • +
  • LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests
    • +
  • LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn
    • +
  • LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation
    • +
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators
    • +
  • LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers
    • +
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated
    • +
  • LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations
    • +
  • LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode
    • +
  • LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation
    • +
  • LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations
    • +
  • Privacy/EnableActivityFeed
    • +
  • Privacy/PublishUserActivities
    • +
  • Update/DisableDualScan
    • +
  • Update/AllowAutoWindowsUpdateDownloadOverMeteredNetwork
    • +
+

Changed the name of new policy to CredentialProviders/DisableAutomaticReDeploymentCredentials from CredentialProviders/EnableWindowsAutopilotResetCredentials.

+

Changed the names of the following policies:

+
    +
  • Defender/GuardedFoldersAllowedApplications to Defender/ControlledFolderAccessAllowedApplications
    • +
  • Defender/GuardedFoldersList to Defender/ControlledFolderAccessProtectedFolders
    • +
  • Defender/EnableGuardMyFolders to Defender/EnableControlledFolderAccess
    • +
+

Added links to the additional ADMX-backed BitLocker policies.

+

There were issues reported with the previous release of the following policies. These issues were fixed in Window 10, version 1709:

+
    +
  • Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts
    • +
  • Start/HideAppList
    • +
+
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md index 06e4d21323..6ab35ba018 100644 --- a/windows/client-management/mdm/devicestatus-csp.md +++ b/windows/client-management/mdm/devicestatus-csp.md @@ -36,9 +36,8 @@ Supported operation is Get. **DeviceStatus/CellularIdentities** Required. Node for queries on the SIM cards. -> **Note**  Multiple SIMs are supported. - - +>[!NOTE] +>Multiple SIMs are supported. **DeviceStatus/CellularIdentities/***IMEI* The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device. @@ -107,7 +106,7 @@ Supported operation is Get. Node for the compliance query. **DeviceStatus/Compliance/EncryptionCompliance** -Boolean value that indicates compliance with the enterprise encryption policy. The value is one of the following: +Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following: - 0 - not encrypted - 1 - encrypted diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md index 805f9ee481..d79b428c0e 100644 --- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md +++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md @@ -33,7 +33,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune]( ## Enable a policy > [!NOTE] -> See [Understanding ADMX-backed policy CSPs](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies). +> See [Understanding ADMX-backed policies in Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies). 1. Find the policy from the list [ADMX-backed policies](policy-csps-admx-backed.md). You need the following information listed in the policy description. - GP English name diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 1fae08c646..bf8a5ea5ad 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -248,10 +248,10 @@ Sample syncxml to provision the firewall settings to evaluate

Value type is string. Supported operations are Add, Get, Replace, and Delete.

**FirewallRules/*FirewallRuleName*/LocalAddressRanges** -

Comma separated list of local addresses covered by the rule. The default value is "". Valid tokens include:

+

Comma separated list of local addresses covered by the rule. The default value is "*". Valid tokens include: