mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
cleaned up code blocks
This commit is contained in:
Patti Short
parent
9d571e7327
commit
b702d689ff
@ -68,7 +68,7 @@ The XML below is for Windows 10, version 1803.
|
|||||||
<AccessType>
|
<AccessType>
|
||||||
<Add />
|
<Add />
|
||||||
</AccessType>
|
</AccessType>
|
||||||
<Description>This node specifies the name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:<# of digits>% and %SERIAL%. Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect.</Description>
|
<Description>This node specifies the name for a device. This setting can be managed remotely. A couple of macros can be embedded within the value for dynamic substitution: %RAND:<# of digits>% and %SERIAL%. Examples: (a) "Test%RAND:6%" will generate a name "Test" followed by 6 random digits (e.g., "Test123456"). (b) "Foo%SERIAL%", will generate a name "Foo" followed by the serial number derived from device's ID. The server must explicitly reboot the device for this value to take effect.</Description>
|
||||||
<DFFormat>
|
<DFFormat>
|
||||||
<chr />
|
<chr />
|
||||||
</DFFormat>
|
</DFFormat>
|
||||||
|
|||||||
@ -89,7 +89,7 @@ Required. A character string that specifies the location of the icon associated
|
|||||||
|
|
||||||
Supported operations are Get, Replace, and Add (cannot Add after the account is created).
|
Supported operations are Get, Replace, and Add (cannot Add after the account is created).
|
||||||
|
|
||||||
The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings > email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired.
|
The account icon can be used as a tile in the **Start** list or an icon in the applications list under **Settings > email & accounts**. Some icons are already provided on the device. The suggested icon for POP/IMAP or generic ActiveSync accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.genericmail.png. The suggested icon for Exchange Accounts is at res://AccountSettingsSharedRes{*ScreenResolution*}!%s.office.outlook.png. Custom icons can be added if desired.
|
||||||
|
|
||||||
<a href="" id="account-guid-accounttype"></a>***Account GUID*/AccountType**
|
<a href="" id="account-guid-accounttype"></a>***Account GUID*/AccountType**
|
||||||
Required. A character string that specifies the account type.
|
Required. A character string that specifies the account type.
|
||||||
|
|||||||
File diff suppressed because it is too large
Load Diff
@ -106,7 +106,7 @@ ms.date: 06/26/2017
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppvClient</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppvClient</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><enabled/></Data>
|
<Data><enabled/></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
```
|
```
|
||||||
@ -126,7 +126,7 @@ ms.date: 06/26/2017
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowPackageScripts</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowPackageScripts</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><enabled/></Data>
|
<Data><enabled/></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
```
|
```
|
||||||
|
|||||||
@ -60,7 +60,7 @@ In the out-of-the-box scenario, the web view is 100% full screen, which gives th
|
|||||||
|
|
||||||
For Azure AD enrollment to work for an Active Directory Federated Services (AD FS) backed Azure AD account, you must enable password authentication for the intranet on the ADFS service as described in solution \#2 in [this article](https://go.microsoft.com/fwlink/?LinkId=690246).
|
For Azure AD enrollment to work for an Active Directory Federated Services (AD FS) backed Azure AD account, you must enable password authentication for the intranet on the ADFS service as described in solution \#2 in [this article](https://go.microsoft.com/fwlink/?LinkId=690246).
|
||||||
|
|
||||||
Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar.
|
Once a user has an Azure AD account added to Windows 10 and enrolled in MDM, the enrollment can be manages through **Settings** > **Accounts** > **Work access**. Device management of either Azure AD Join for corporate scenarios or BYOD scenarios are similar.
|
||||||
|
|
||||||
> **Note** Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account.
|
> **Note** Users cannot remove the device enrollment through the **Work access** user interface because management is tied to the Azure AD or work account.
|
||||||
|
|
||||||
@ -122,7 +122,7 @@ Use the following steps to register a cloud-based MDM application with Azure AD.
|
|||||||
6. Click **Add an application my organization is developing**.
|
6. Click **Add an application my organization is developing**.
|
||||||
7. Enter a friendly name for the application, such as ContosoMDM, select **Web Application and or Web API**, then click **Next**.
|
7. Enter a friendly name for the application, such as ContosoMDM, select **Web Application and or Web API**, then click **Next**.
|
||||||
8. Enter the login URL for your MDM service.
|
8. Enter the login URL for your MDM service.
|
||||||
9. For the App ID, enter **https://<your\_tenant\_name>/ContosoMDM**, then click OK.
|
9. For the App ID, enter **https://<your\_tenant\_name>/ContosoMDM**, then click OK.
|
||||||
10. While still in the Azure portal, click the **Configure** tab of your application.
|
10. While still in the Azure portal, click the **Configure** tab of your application.
|
||||||
11. Mark your application as **multi-tenant**.
|
11. Mark your application as **multi-tenant**.
|
||||||
12. Find the client ID value and copy it.
|
12. Find the client ID value and copy it.
|
||||||
|
|||||||
@ -33,7 +33,7 @@ The following diagram shows the BrowserFavorite configuration service provider i
|
|||||||
<a href="" id="favorite-name-------------"></a>***favorite name***
|
<a href="" id="favorite-name-------------"></a>***favorite name***
|
||||||
Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer.
|
Required. Specifies the user-friendly name of the favorite URL that is displayed in the Favorites list of Internet Explorer.
|
||||||
|
|
||||||
> **Note** The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > |
|
> **Note** The *favorite name* should contain only characters that are valid in the Windows file system. The invalid characters are: \\ / : \* ? " < > |
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -194,7 +194,7 @@ Required. Specifies the root CA thumbprint. It is a 20-byte value of the SHA1 ce
|
|||||||
Supported operations are Get, Add, Delete, and Replace.
|
Supported operations are Get, Add, Delete, and Replace.
|
||||||
|
|
||||||
<a href="" id="my-scep-uniqueid-install-subjectalternativenames"></a>**My/SCEP/*UniqueID*/Install/SubjectAlternativeNames**
|
<a href="" id="my-scep-uniqueid-install-subjectalternativenames"></a>**My/SCEP/*UniqueID*/Install/SubjectAlternativeNames**
|
||||||
Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format *<nameformat1>*+*<actual name1>*;*<name format 2>*+*<actual name2>*. Value type is chr.
|
Optional. Specifies the subject alternative name. Multiple alternative names can be specified. Each name is the combination of name format+actual name. Refer to the name type definition in MSDN. Each pair is separated by semicolon. For example, multiple subject alternative names are presented in the format *<nameformat1>*+*<actual name1>*;*<name format 2>*+*<actual name2>*. Value type is chr.
|
||||||
|
|
||||||
Supported operations are Get, Add, Delete, and Replace.
|
Supported operations are Get, Add, Delete, and Replace.
|
||||||
|
|
||||||
@ -299,7 +299,7 @@ For ROBO renewal failure, the client retries the renewal periodically until the
|
|||||||
|
|
||||||
For manual retry failure, there are no built-in retries. The user can retry later. At the next scheduled certificate renewal retry period, the device prompts the credential dialog again.
|
For manual retry failure, there are no built-in retries. The user can retry later. At the next scheduled certificate renewal retry period, the device prompts the credential dialog again.
|
||||||
|
|
||||||
The default value is 7 and the valid values are 1 – 1000 AND =< RenewalPeriod, otherwise it will result in errors. Value type is an integer.
|
The default value is 7 and the valid values are 1 – 1000 AND =< RenewalPeriod, otherwise it will result in errors. Value type is an integer.
|
||||||
|
|
||||||
Supported operations are Add, Get, Delete, and Replace.
|
Supported operations are Add, Get, Delete, and Replace.
|
||||||
|
|
||||||
|
|||||||
@ -32,7 +32,7 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
|
|||||||
|
|
||||||
Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
|
Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
|
||||||
|
|
||||||
- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider
|
- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider
|
||||||
|
|
||||||
Here's a screenshot:
|
Here's a screenshot:
|
||||||
|
|
||||||
@ -138,7 +138,7 @@ Since there is no Event Viewer in Windows 10 Mobile, you can use the [Field Medi
|
|||||||
|
|
||||||
|
|
||||||
7. Save the logs. They will be stored in the Field Medic log location on the device.
|
7. Save the logs. They will be stored in the Field Medic log location on the device.
|
||||||
8. You can send the logs via email by attaching the files from **Documents > Field Medic > Reports > ...** folder.
|
8. You can send the logs via email by attaching the files from **Documents > Field Medic > Reports > ...** folder.
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
@ -124,7 +124,7 @@ A production ready deployment must have the appropriate certificate details as p
|
|||||||
|
|
||||||
EAP XML must be updated with relevant information for your environment This can be done either manually by editing the XML sample below, or by using the step by step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
|
EAP XML must be updated with relevant information for your environment This can be done either manually by editing the XML sample below, or by using the step by step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
|
||||||
|
|
||||||
- For Wi-Fi, look for the <EAPConfig> section of your current WLAN Profile XML (This is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags you will find the complete EAP configuration. Replace the section under <EAPConfig> with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
|
- For Wi-Fi, look for the <EAPConfig> section of your current WLAN Profile XML (This is what you specify for the WLanXml node in the Wi-Fi CSP). Within these tags you will find the complete EAP configuration. Replace the section under <EAPConfig> with your updated XML and update your Wi-Fi profile. You might need to refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
|
||||||
- For VPN, EAP Configuration is a separate field in the MDM Configuration. Work with your MDM provider to identify and update the appropriate Field.
|
- For VPN, EAP Configuration is a separate field in the MDM Configuration. Work with your MDM provider to identify and update the appropriate Field.
|
||||||
|
|
||||||
For information about EAP Settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>
|
For information about EAP Settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>
|
||||||
|
|||||||
@ -302,7 +302,7 @@ Value is one of the following:
|
|||||||
|
|
||||||
When an application removal or configuration roll-back is provisioned, the EMAIL2 CSP passes the request to Configuration Manager, which handles the transaction externally. When a MAPI application is removed, the accounts that were created with it are deleted and all messages and other properties that the transport (for example, Short Message Service \[SMS\], Post Office Protocol \[POP\], or Simple Mail Transfer Protocol \[SMTP\]) might have stored, are lost. If an attempt to create a new email account is unsuccessful, the new account is automatically deleted. If an attempt to edit an existing account is unsuccessful, the original configuration is automatically rolled back (restored).
|
When an application removal or configuration roll-back is provisioned, the EMAIL2 CSP passes the request to Configuration Manager, which handles the transaction externally. When a MAPI application is removed, the accounts that were created with it are deleted and all messages and other properties that the transport (for example, Short Message Service \[SMS\], Post Office Protocol \[POP\], or Simple Mail Transfer Protocol \[SMTP\]) might have stored, are lost. If an attempt to create a new email account is unsuccessful, the new account is automatically deleted. If an attempt to edit an existing account is unsuccessful, the original configuration is automatically rolled back (restored).
|
||||||
|
|
||||||
For OMA DM, the EMAIL2 CSP handles the Replace command differently from most other configuration service providers. For the EMAIL2 CSP, Configuration Manager implicitly adds the missing part of the node to be replaced or any segment in the path of the node if it is left out in the <LocURI></LocURI> block. There are separate parameters defined for the outgoing server logon credentials. The following are the usage rules for these credentials:
|
For OMA DM, the EMAIL2 CSP handles the Replace command differently from most other configuration service providers. For the EMAIL2 CSP, Configuration Manager implicitly adds the missing part of the node to be replaced or any segment in the path of the node if it is left out in the \<LocURI>\</LocURI\> block. There are separate parameters defined for the outgoing server logon credentials. The following are the usage rules for these credentials:
|
||||||
|
|
||||||
- The incoming server logon credentials are used (AUTHNAME, AUTHSECRET, and DOMAIN) unless the outgoing server credentials are set.
|
- The incoming server logon credentials are used (AUTHNAME, AUTHSECRET, and DOMAIN) unless the outgoing server credentials are set.
|
||||||
|
|
||||||
|
|||||||
@ -70,7 +70,7 @@ Summary of steps to enable a policy:
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppVClient </LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/AllowAppVClient </LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><Enabled/></Data>
|
<Data><Enabled/></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
<Final/>
|
<Final/>
|
||||||
@ -270,7 +270,7 @@ The \<Data> payload is \<disabled/>. Here is an example to disable AppVirtualiza
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><disabled/></Data>
|
<Data><disabled/></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
<Final/>
|
<Final/>
|
||||||
|
|||||||
@ -40,7 +40,7 @@ Supported operations are Add, Delete, Get and Replace.
|
|||||||
The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML.
|
The Apps and Settings sections of lockdown XML constitute an Allow list. Any app or setting that is not specified in AssignedAccessXML will not be available on the device to users. The following table describes the entries in lockdown XML.
|
||||||
|
|
||||||
> [!Important]
|
> [!Important]
|
||||||
> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability.
|
> When using the AssignedAccessXml in the EnterpriseAssignedAccess CSP through an MDM, the XML must use escaped characters, such as \< instead of < because it is embedded in an XML. The examples provided in the topic are formatted for readability.
|
||||||
|
|
||||||
When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters.
|
When using the AssignedAccessXml in a provisioning package using the Windows Configuration Designer tool, do not use escaped characters.
|
||||||
|
|
||||||
@ -51,8 +51,8 @@ ActionCenter | Example: `<ActionCenter enabled="true"></ActionCenter>`
|
|||||||
ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled; **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md)
|
ActionCenter | In Windows 10, when the Action Center is disabled, Above Lock notifications and toasts are also disabled. When the Action Center is enabled, the following policies are also enabled; **AboveLock/AllowActionCenterNotifications** and **AboveLock/AllowToasts**. For more information about these policies, see [Policy CSP](policy-configuration-service-provider.md)
|
||||||
ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `<ActionCenter enabled="true" aboveLockToastEnabled="0" actionCenterNotificationEnabled="0"/>`
|
ActionCenter | You can also add the following optional attributes to the ActionCenter element to override the default behavior: **aboveLockToastEnabled** and **actionCenterNotificationEnabled**. Valid values are 0 (policy disabled), 1 (policy enabled), and -1 (not set, policy enabled). In this example, the Action Center is enabled and both policies are disabled.: `<ActionCenter enabled="true" aboveLockToastEnabled="0" actionCenterNotificationEnabled="0"/>`
|
||||||
ActionCenter | These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `<ActionCenter enabled="true" actionCenterNotificationEnabled="0"/>`
|
ActionCenter | These optional attributes are independent of each other. In this example, Action Center is enabled, the notifications policy is disabled, and the toast policy is enabled by default because it is not set. `<ActionCenter enabled="true" actionCenterNotificationEnabled="0"/>`
|
||||||
StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx.
|
StartScreenSize | Specify the size of the Start screen. In addition to 4/6 columns, you can also use 4/6/8 depending on screen resolutions. Valid values: **Small** - sets the width to 4 columns on device with short axis <400epx or 6 columns on devices with short axis >=400epx. **Large** - sets the width to 6 columns on devices with short axis <400epx or 8 columns on devices with short axis >=400epx.
|
||||||
StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `<StartScreenSize>Large</StartScreenSize>`
|
StartScreenSize | If you have existing lockdown XML, you must update it if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4. Example: `<StartScreenSize>Large</StartScreenSize>`
|
||||||
Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. For the list of product ID and AUMID see [ProductIDs in Windows 10 Mobile](#productid).
|
Application | Provide the product ID for each app that will be available on the device. You can find the product ID for a locally developed app in the AppManifest.xml file of the app. For the list of product ID and AUMID see [ProductIDs in Windows 10 Mobile](#productid).
|
||||||
Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `<Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}" aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail"/>`
|
Application | To turn on the notification for a Windows app, you must include the application's AUMID in the lockdown XML. However, the user can change the setting at any time from user interface. Example: `<Application productId="{A558FEBA-85D7-4665-B5D8-A2FF9C19799B}" aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail"/>`
|
||||||
Application | <img src="images/enterpriseassignedaccess-csp.png" alt="modern app notification" />
|
Application | <img src="images/enterpriseassignedaccess-csp.png" alt="modern app notification" />
|
||||||
@ -105,7 +105,7 @@ aumid="microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.m
|
|||||||
|
|
||||||
Entry | Description
|
Entry | Description
|
||||||
----------- | ------------
|
----------- | ------------
|
||||||
Folder | A folder should be contained in <Applications/> node among with other <Application/> nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder.
|
Folder | A folder should be contained in <Applications/> node among with other <Application/> nodes, it shares most grammar with the Application Node, **folderId** is mandatory, **folderName** is optional, which is the folder name displayed on Start. **folderId** is a unique unsigned integer for each folder.
|
||||||
|
|
||||||
Folder example:
|
Folder example:
|
||||||
``` syntax
|
``` syntax
|
||||||
@ -403,7 +403,7 @@ The Search and custom buttons can be <em>remapped</em> or configured to open a s
|
|||||||
>
|
>
|
||||||
> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.
|
> Button remapping can enable a user to open an application that is not in the Allow list. Use button lock down to prevent application access for a user role.
|
||||||
|
|
||||||
To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open.
|
To remap a button in lockdown XML, you supply the button name, the button event (typically "press"), and the product ID for the application the button will open.
|
||||||
|
|
||||||
``` syntax
|
``` syntax
|
||||||
<ButtonRemapList>
|
<ButtonRemapList>
|
||||||
@ -1199,7 +1199,7 @@ The following example shows how to add a new policy.
|
|||||||
<characteristic type="EnterpriseAssignedAccess">
|
<characteristic type="EnterpriseAssignedAccess">
|
||||||
<characteristic type="AssignedAccess">
|
<characteristic type="AssignedAccess">
|
||||||
<parm name=" AssignedAccessXml" datatype="string"
|
<parm name=" AssignedAccessXml" datatype="string"
|
||||||
value="<?xml version="1.0" encoding="utf-8"?><HandheldLockdown version="1.0"><Default><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="0"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><ButtonLockdownList><Button name="Start"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button><Button name="Camera"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button><Button name="Search"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button></ButtonLockdownList><ButtonRemapList/></Buttons><MenuItems><DisableMenuItems/></MenuItems></Default><RoleList><Role guid="{76C01983-A872-4C4E-B4C6-321EAC709CEA}" name="Associate"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><ButtonLockdownList><Button name="Start"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button><Button name="Camera"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button></ButtonLockdownList><ButtonRemapList/></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role><Role guid="{8ABB8A10-4418-4467-9E18-99D11FA54E30}" name="Manager"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /></Settings><Buttons><ButtonLockdownList><Button name="Start"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button></ButtonLockdownList><ButtonRemapList/></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role></RoleList></HandheldLockdown>"/>
|
value="<?xml version="1.0" encoding="utf-8"?><HandheldLockdown version="1.0"><Default><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="0"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><ButtonLockdownList><Button name="Start"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button><Button name="Camera"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button><Button name="Search"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button></ButtonLockdownList><ButtonRemapList/></Buttons><MenuItems><DisableMenuItems/></MenuItems></Default><RoleList><Role guid="{76C01983-A872-4C4E-B4C6-321EAC709CEA}" name="Associate"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><ButtonLockdownList><Button name="Start"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button><Button name="Camera"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button></ButtonLockdownList><ButtonRemapList/></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role><Role guid="{8ABB8A10-4418-4467-9E18-99D11FA54E30}" name="Manager"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /></Settings><Buttons><ButtonLockdownList><Button name="Start"><ButtonEvent name="Press" /><ButtonEvent name="PressAndHold" /></Button></ButtonLockdownList><ButtonRemapList/></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role></RoleList></HandheldLockdown>"/>
|
||||||
</characteristic>
|
</characteristic>
|
||||||
</characteristic>
|
</characteristic>
|
||||||
</wap-provisioningdoc>
|
</wap-provisioningdoc>
|
||||||
@ -1237,7 +1237,7 @@ The following example shows how to lock down a device.
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/AssignedAccess/AssignedAccessXml</LocURI>
|
<LocURI>./Vendor/MSFT/EnterpriseAssignedAccess/AssignedAccess/AssignedAccessXml</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><?xml version="1.0" encoding="utf-8"?><HandheldLockdown version="1.0"><Default><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="2"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /><Button name="Camera" disableEvents="All" /><Button name="Search" disableEvents="All" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Default><RoleList><Role guid="{76C01983-A872-4C4E-B4C6-321EAC709CEA}" name="Associate"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /><Button name="Camera" disableEvents="All" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role><Role guid="{8ABB8A10-4418-4467-9E18-99D11FA54E30}" name="Manager"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role></RoleList></HandheldLockdown></Data>
|
<Data><?xml version="1.0" encoding="utf-8"?><HandheldLockdown version="1.0"><Default><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="2"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /><Button name="Camera" disableEvents="All" /><Button name="Search" disableEvents="All" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Default><RoleList><Role guid="{76C01983-A872-4C4E-B4C6-321EAC709CEA}" name="Associate"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5615}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /><System name="Microsoft.About" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /><Button name="Camera" disableEvents="All" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role><Role guid="{8ABB8A10-4418-4467-9E18-99D11FA54E30}" name="Manager"><Apps><Application productId="{5B04B775-356B-4AA0-AAF8-6491FFEA5612}" pinToStart="1"/></Apps><Settings><System name="Microsoft.Themes" /></Settings><Buttons><Button name="Start" disableEvents="PressAndHold" /></Buttons><MenuItems><DisableMenuItems/></MenuItems></Role></RoleList></HandheldLockdown></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Add>
|
</Add>
|
||||||
<Final/>
|
<Final/>
|
||||||
|
|||||||
@ -13,7 +13,7 @@ ms.date: 06/26/2017
|
|||||||
# EnterpriseAssignedAccess XSD
|
# EnterpriseAssignedAccess XSD
|
||||||
|
|
||||||
|
|
||||||
This XSD can be used to validate that the lockdown XML in the <Data> block of the AssignedAccessXML node.
|
This XSD can be used to validate that the lockdown XML in the \<Data\> block of the AssignedAccessXML node.
|
||||||
|
|
||||||
``` syntax
|
``` syntax
|
||||||
<?xml version="1.0" encoding="utf-16LE" ?>
|
<?xml version="1.0" encoding="utf-16LE" ?>
|
||||||
|
|||||||
@ -60,7 +60,7 @@ The following diagram shows the EnterpriseDataProtection CSP in tree format.
|
|||||||
|
|
||||||
<p style="margin-left: 20px">Here are the steps to create canonical domain names:
|
<p style="margin-left: 20px">Here are the steps to create canonical domain names:
|
||||||
|
|
||||||
1. Transform the ASCII characters (A-Z only) to lower case. For example, Microsoft.COM -> microsoft.com.
|
1. Transform the ASCII characters (A-Z only) to lower case. For example, Microsoft.COM -> microsoft.com.
|
||||||
2. Call [IdnToAscii](https://msdn.microsoft.com/library/windows/desktop/dd318149.aspx) with IDN\_USE\_STD3\_ASCII\_RULES as the flags.
|
2. Call [IdnToAscii](https://msdn.microsoft.com/library/windows/desktop/dd318149.aspx) with IDN\_USE\_STD3\_ASCII\_RULES as the flags.
|
||||||
3. Call [IdnToUnicode](https://msdn.microsoft.com/library/windows/desktop/dd318151.aspx) with no flags set (dwFlags = 0).
|
3. Call [IdnToUnicode](https://msdn.microsoft.com/library/windows/desktop/dd318151.aspx) with no flags set (dwFlags = 0).
|
||||||
|
|
||||||
|
|||||||
@ -32,7 +32,7 @@ The root node for the EnterpriseExt configuration service provider. Supported op
|
|||||||
Node for setting the custom device ID and string.
|
Node for setting the custom device ID and string.
|
||||||
|
|
||||||
<a href="" id="devicecustomdata-customid"></a>**DeviceCustomData/CustomID**
|
<a href="" id="devicecustomdata-customid"></a>**DeviceCustomData/CustomID**
|
||||||
Any string value as the device ID. This value appears in **Settings** > **About** > **Info**.
|
Any string value as the device ID. This value appears in **Settings** > **About** > **Info**.
|
||||||
|
|
||||||
Here's an example for getting custom data.
|
Here's an example for getting custom data.
|
||||||
|
|
||||||
|
|||||||
@ -593,7 +593,7 @@ Query the device for a specific app subcategory, such as nonStore apps.
|
|||||||
</Get>
|
</Get>
|
||||||
```
|
```
|
||||||
|
|
||||||
The result contains a list of apps, such as <Data>App1/App2/App3</Data>.
|
The result contains a list of apps, such as \<Data>App1/App2/App\</Data\>.
|
||||||
|
|
||||||
Subsequent query for a specific app for its properties.
|
Subsequent query for a specific app for its properties.
|
||||||
|
|
||||||
|
|||||||
@ -123,7 +123,7 @@ MTS requires calls to be authenticated using an Azure AD OAuth bearer token. The
|
|||||||
|
|
||||||
Here are the details for requesting an authorization token:
|
Here are the details for requesting an authorization token:
|
||||||
|
|
||||||
- Login Authority = https:<span></span>//login.windows.net/<TargetTenantId>
|
- Login Authority = https:<span></span>//login.windows.net/\<TargetTenantId\>
|
||||||
- Resource/audience\* = https:<span></span>//onestore.microsoft.com
|
- Resource/audience\* = https:<span></span>//onestore.microsoft.com
|
||||||
- ClientId = your AAD application client id
|
- ClientId = your AAD application client id
|
||||||
- ClientSecret = your AAD application client secret/key
|
- ClientSecret = your AAD application client secret/key
|
||||||
|
|||||||
@ -334,7 +334,7 @@ A Get operation on ./Vendor/MSFT/NodeCache/MDM%20SyncML%20Server/Nodes/20/Expect
|
|||||||
A Get operation on the ChangedNodesData returns an encoded XML. Here is example:
|
A Get operation on the ChangedNodesData returns an encoded XML. Here is example:
|
||||||
|
|
||||||
```syntax
|
```syntax
|
||||||
<Nodes><Node Id="10" Uri=""></Node><Node Id="20" Uri="./DevDetail/Ext/Microsoft/DeviceName">U09NRU5FV1ZBTFVF</Node></Nodes>
|
<Nodes><Node Id="10" Uri=""></Node><Node Id="20" Uri="./DevDetail/Ext/Microsoft/DeviceName">U09NRU5FV1ZBTFVF</Node></Nodes>
|
||||||
```
|
```
|
||||||
It represents this:
|
It represents this:
|
||||||
|
|
||||||
|
|||||||
@ -1420,12 +1420,12 @@ Related policy:
|
|||||||
|
|
||||||
If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
|
If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
|
||||||
|
|
||||||
<support.contoso.com><support.microsoft.com>
|
<support.contoso.com><support.microsoft.com>
|
||||||
|
|
||||||
If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
|
If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
|
||||||
|
|
||||||
Version 1703 or later:
|
Version 1703 or later:
|
||||||
If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
|
If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
|
||||||
|
|
||||||
Version 1809:
|
Version 1809:
|
||||||
If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
|
If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
|
||||||
@ -10603,12 +10603,12 @@ Related policy:
|
|||||||
|
|
||||||
If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
|
If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
|
||||||
|
|
||||||
<support.contoso.com><support.microsoft.com>
|
<support.contoso.com><support.microsoft.com>
|
||||||
|
|
||||||
If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
|
If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
|
||||||
|
|
||||||
Version 1703 or later:
|
Version 1703 or later:
|
||||||
If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
|
If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
|
||||||
|
|
||||||
Version 1809:
|
Version 1809:
|
||||||
If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
|
If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
|
||||||
@ -22414,12 +22414,12 @@ Related policy:
|
|||||||
|
|
||||||
If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
|
If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
|
||||||
|
|
||||||
<support.contoso.com><support.microsoft.com>
|
<support.contoso.com><support.microsoft.com>
|
||||||
|
|
||||||
If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
|
If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
|
||||||
|
|
||||||
Version 1703 or later:
|
Version 1703 or later:
|
||||||
If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
|
If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
|
||||||
|
|
||||||
Version 1809:
|
Version 1809:
|
||||||
If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
|
If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
|
||||||
@ -49724,12 +49724,12 @@ Related policy:
|
|||||||
|
|
||||||
If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
|
If enabled, you must include URLs to the pages, separating multiple pages using angle brackets in the following format:
|
||||||
|
|
||||||
<support.contoso.com><support.microsoft.com>
|
<support.contoso.com><support.microsoft.com>
|
||||||
|
|
||||||
If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
|
If disabled or not configured, the webpages specified in App settings loads as the default Start pages.
|
||||||
|
|
||||||
Version 1703 or later:
|
Version 1703 or later:
|
||||||
If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
|
If you do not want to send traffic to Microsoft, enable this policy and use the <about:blank> value, which honors domain- and non-domain-joined devices, when it is the only configured URL.
|
||||||
|
|
||||||
Version 1809:
|
Version 1809:
|
||||||
If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
|
If enabled, and you select either Start page, New Tab page, or previous page in the Configure Open Microsoft Edge With policy, Microsoft Edge ignores the Configure Start Pages policy. If not configured or you set the Configure Open Microsoft Edge With policy to a specific page or pages, Microsoft Edge uses the Configure Start Pages policy.
|
||||||
|
|||||||
@ -176,7 +176,7 @@ The following SyncML examples describe how to set a MDM policy that is defined b
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/PublishingAllowServer2</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><disabled/></Data>
|
<Data><disabled/></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
<Final/>
|
<Final/>
|
||||||
@ -340,7 +340,7 @@ The `multiText` element simply corresponds to a REG_MULTISZ registry string and
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/VirtualComponentsAllowList</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/VirtualComponentsAllowList</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><enabled/><data id="Virtualization_JITVAllowList_Prompt" value="C:\QuickPatch\TEST\snot.exeC:\QuickPatch\TEST\foo.exeC:\QuickPatch\TEST\bar.exe"/></Data>
|
<Data><enabled/><data id="Virtualization_JITVAllowList_Prompt" value="C:\QuickPatch\TEST\snot.exeC:\QuickPatch\TEST\foo.exeC:\QuickPatch\TEST\bar.exe"/></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
<Final/>
|
<Final/>
|
||||||
@ -384,7 +384,7 @@ Variations of the `list` element are dictated by attributes. These attributes ar
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./User/Vendor/MSFT/Policy/Config/InternetExplorer/DisableSecondaryHomePageChange</LocURI>
|
<LocURI>./User/Vendor/MSFT/Policy/Config/InternetExplorer/DisableSecondaryHomePageChange</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><Enabled/><Data id="SecondaryHomePagesList" value="http://name1http://name1http://name2http://name2"/></Data>
|
<Data><Enabled/><Data id="SecondaryHomePagesList" value="http://name1http://name1http://name2http://name2"/></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
<Final/>
|
<Final/>
|
||||||
@ -416,7 +416,7 @@ Variations of the `list` element are dictated by attributes. These attributes ar
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableUpdateCheck</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/InternetExplorer/DisableUpdateCheck</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><Enabled/></Data>
|
<Data><Enabled/></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
<Final/>
|
<Final/>
|
||||||
@ -470,8 +470,8 @@ Variations of the `list` element are dictated by attributes. These attributes ar
|
|||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/BitLocker/EncryptionMethodByDriveType</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/BitLocker/EncryptionMethodByDriveType</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data>
|
<Data>
|
||||||
<enabled/>
|
<enabled/>
|
||||||
<data id="EncryptionMethodWithXtsOsDropDown_Name" value="4"/>
|
<data id="EncryptionMethodWithXtsOsDropDown_Name" value="4"/>
|
||||||
</Data>
|
</Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
@ -507,8 +507,8 @@ Variations of the `list` element are dictated by attributes. These attributes ar
|
|||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/StreamingAllowReestablishmentInterval</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/AppVirtualization/StreamingAllowReestablishmentInterval</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data>
|
<Data>
|
||||||
<enabled/>
|
<enabled/>
|
||||||
<data id="Streaming_Reestablishment_Interval_Prompt" value="4"/>
|
<data id="Streaming_Reestablishment_Interval_Prompt" value="4"/>
|
||||||
</Data>
|
</Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
@ -560,8 +560,8 @@ Variations of the `list` element are dictated by attributes. These attributes ar
|
|||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data>
|
<Data>
|
||||||
<enabled/><data id="DeviceInstall_Classes_Deny_Retroactive" value="true"/>
|
<enabled/><data id="DeviceInstall_Classes_Deny_Retroactive" value="true"/>
|
||||||
<Data id="DeviceInstall_Classes_Deny_List" value="1deviceId12deviceId2"/>
|
<Data id="DeviceInstall_Classes_Deny_List" value="1deviceId12deviceId2"/>
|
||||||
</Data>
|
</Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
|
|||||||
@ -603,41 +603,41 @@ Profile example
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Vendor/MSFT/VPNv2/VPN_Demo/ProfileXML</LocURI>
|
<LocURI>./Vendor/MSFT/VPNv2/VPN_Demo/ProfileXML</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><VPNProfile>
|
<Data><VPNProfile>
|
||||||
<ProfileName>VPN_Demo</ProfileName>
|
<ProfileName>VPN_Demo</ProfileName>
|
||||||
<NativeProfile>
|
<NativeProfile>
|
||||||
<Servers>VPNServer.contoso.com</Servers>
|
<Servers>VPNServer.contoso.com</Servers>
|
||||||
<NativeProtocolType>Automatic</NativeProtocolType>
|
<NativeProtocolType>Automatic</NativeProtocolType>
|
||||||
<Authentication>
|
<Authentication>
|
||||||
<UserMethod>Eap</UserMethod>
|
<UserMethod>Eap</UserMethod>
|
||||||
<Eap>
|
<Eap>
|
||||||
<Configuration>
|
<Configuration>
|
||||||
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> <EapMethod> <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type> <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId> <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType> <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId> </EapMethod> <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> <Type>25</Type> <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"> <ServerValidation> <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation> <ServerNames></ServerNames> </ServerValidation> <FastReconnect>true</FastReconnect> <InnerEapOptional>false</InnerEapOptional> <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> <Type>13</Type> <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"> <CredentialsSource> <CertificateStore> <SimpleCertSelection>false</SimpleCertSelection> </CertificateStore> </CredentialsSource> <ServerValidation> <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation> <ServerNames></ServerNames> </ServerValidation> <DifferentUsername>false</DifferentUsername> <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation> <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName> <TLSExtensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"> <FilteringInfo xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3"> <EKUMapping> <EKUMap> <EKUName>Unknown Key Usage</EKUName> <EKUOID>1.3.6.1.4.1.311.87</EKUOID> </EKUMap> </EKUMapping> <ClientAuthEKUList Enabled="true"> <EKUMapInList> <EKUName>Unknown Key Usage</EKUName> </EKUMapInList> </ClientAuthEKUList> </FilteringInfo> </TLSExtensions> </EapType> </Eap> <EnableQuarantineChecks>false</EnableQuarantineChecks> <RequireCryptoBinding>false</RequireCryptoBinding> <PeapExtensions> <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation> <AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName> </PeapExtensions> </EapType> </Eap> </Config> </EapHostConfig>
|
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> <EapMethod> <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type> <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId> <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType> <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId> </EapMethod> <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> <Type>25</Type> <EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"> <ServerValidation> <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation> <ServerNames></ServerNames> </ServerValidation> <FastReconnect>true</FastReconnect> <InnerEapOptional>false</InnerEapOptional> <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"> <Type>13</Type> <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"> <CredentialsSource> <CertificateStore> <SimpleCertSelection>false</SimpleCertSelection> </CertificateStore> </CredentialsSource> <ServerValidation> <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation> <ServerNames></ServerNames> </ServerValidation> <DifferentUsername>false</DifferentUsername> <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation> <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName> <TLSExtensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"> <FilteringInfo xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3"> <EKUMapping> <EKUMap> <EKUName>Unknown Key Usage</EKUName> <EKUOID>1.3.6.1.4.1.311.87</EKUOID> </EKUMap> </EKUMapping> <ClientAuthEKUList Enabled="true"> <EKUMapInList> <EKUName>Unknown Key Usage</EKUName> </EKUMapInList> </ClientAuthEKUList> </FilteringInfo> </TLSExtensions> </EapType> </Eap> <EnableQuarantineChecks>false</EnableQuarantineChecks> <RequireCryptoBinding>false</RequireCryptoBinding> <PeapExtensions> <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation> <AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName> </PeapExtensions> </EapType> </Eap> </Config> </EapHostConfig>
|
||||||
</Configuration>
|
</Configuration>
|
||||||
</Eap>
|
</Eap>
|
||||||
</Authentication>
|
</Authentication>
|
||||||
<RoutingPolicyType>SplitTunnel</RoutingPolicyType>
|
<RoutingPolicyType>SplitTunnel</RoutingPolicyType>
|
||||||
</NativeProfile>
|
</NativeProfile>
|
||||||
<DomainNameInformation>
|
<DomainNameInformation>
|
||||||
<DomainName>.contoso.com</DomainName>
|
<DomainName>.contoso.com</DomainName>
|
||||||
<DNSServers>10.5.5.5</DNSServers>
|
<DNSServers>10.5.5.5</DNSServers>
|
||||||
</DomainNameInformation>
|
</DomainNameInformation>
|
||||||
<TrafficFilter>
|
<TrafficFilter>
|
||||||
<App>%ProgramFiles%\Internet Explorer\iexplore.exe</App>
|
<App>%ProgramFiles%\Internet Explorer\iexplore.exe</App>
|
||||||
</TrafficFilter>
|
</TrafficFilter>
|
||||||
<TrafficFilter>
|
<TrafficFilter>
|
||||||
<App>Microsoft.MicrosoftEdge_8wekyb3d8bbwe</App>
|
<App>Microsoft.MicrosoftEdge_8wekyb3d8bbwe</App>
|
||||||
</TrafficFilter>
|
</TrafficFilter>
|
||||||
<Route>
|
<Route>
|
||||||
<Address>10.0.0.0</Address>
|
<Address>10.0.0.0</Address>
|
||||||
<PrefixSize>8</PrefixSize>
|
<PrefixSize>8</PrefixSize>
|
||||||
</Route>
|
</Route>
|
||||||
<Route>
|
<Route>
|
||||||
<Address>25.0.0.0</Address>
|
<Address>25.0.0.0</Address>
|
||||||
<PrefixSize>8</PrefixSize>
|
<PrefixSize>8</PrefixSize>
|
||||||
</Route>
|
</Route>
|
||||||
<RememberCredentials>true</RememberCredentials>
|
<RememberCredentials>true</RememberCredentials>
|
||||||
</VPNProfile></Data>
|
</VPNProfile></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Add>
|
</Add>
|
||||||
|
|
||||||
@ -1166,7 +1166,7 @@ PluginPackageFamilyName
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/PluginProfile/CustomConfiguration</LocURI>
|
<LocURI>./Vendor/MSFT/VPNv2/VPNProfileName/PluginProfile/CustomConfiguration</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><pluginschema><ipAddress>auto</ipAddress><port>443</port><networksettings><routes><includev4><route><address>172.10.10.0</address><prefix>24</prefix></route></includev4></routes><namespaces><namespace><space>.vpnbackend.com</space><dnsservers><server>172.10.10.11</server></dnsservers></namespace></namespaces></networksettings></pluginschema></Data>
|
<Data><pluginschema><ipAddress>auto</ipAddress><port>443</port><networksettings><routes><includev4><route><address>172.10.10.0</address><prefix>24</prefix></route></includev4></routes><namespaces><namespace><space>.vpnbackend.com</space><dnsservers><server>172.10.10.11</server></dnsservers></namespace></namespaces></networksettings></pluginschema></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Add>
|
</Add>
|
||||||
```
|
```
|
||||||
|
|||||||
@ -347,7 +347,7 @@ Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some pro
|
|||||||
<PluginProfile>
|
<PluginProfile>
|
||||||
<ServerUrlList>testserver1.contoso.com;testserver2.contoso..com</ServerUrlList>
|
<ServerUrlList>testserver1.contoso.com;testserver2.contoso..com</ServerUrlList>
|
||||||
<PluginPackageFamilyName>JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy</PluginPackageFamilyName>
|
<PluginPackageFamilyName>JuniperNetworks.JunosPulseVpn_cw5n1h2txyewy</PluginPackageFamilyName>
|
||||||
<CustomConfiguration><pulse-schema><isSingleSignOnCredential>true</isSingleSignOnCredential></pulse-schema></CustomConfiguration>
|
<CustomConfiguration><pulse-schema><isSingleSignOnCredential>true</isSingleSignOnCredential></pulse-schema></CustomConfiguration>
|
||||||
</PluginProfile>
|
</PluginProfile>
|
||||||
<Route>
|
<Route>
|
||||||
<Address>192.168.0.0</Address>
|
<Address>192.168.0.0</Address>
|
||||||
|
|||||||
@ -23,7 +23,7 @@ Programming considerations:
|
|||||||
- Because the Windows 10 Mobile emulator does not support Wi-Fi, you cannot test the Wi-Fi configuration with an emulator. You can still provision a Wi-Fi network using the WiFi CSP, then check it in the Wi-Fi settings page, but you cannot test the network connectivity in the emulator.
|
- Because the Windows 10 Mobile emulator does not support Wi-Fi, you cannot test the Wi-Fi configuration with an emulator. You can still provision a Wi-Fi network using the WiFi CSP, then check it in the Wi-Fi settings page, but you cannot test the network connectivity in the emulator.
|
||||||
- For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. The passkey is encrypted automatically when it is stored on the device.
|
- For WEP, WPA, and WPA2-based networks, include the passkey in the network configuration in plaintext. The passkey is encrypted automatically when it is stored on the device.
|
||||||
- The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. This requires that all non-ASCII characters must be escaped using a %-character. Unicode characters without the necessary escaping are not supported.
|
- The SSID of the Wi-Fi network part of the LocURI node must be a valid URI based on RFC 2396. This requires that all non-ASCII characters must be escaped using a %-character. Unicode characters without the necessary escaping are not supported.
|
||||||
- The <name>*name\_goes\_here*</name><SSIDConfig> must match <SSID><name> *name\_goes\_here*</name></SSID>.
|
- The <name>*name\_goes\_here*</name><SSIDConfig> must match <SSID><name> *name\_goes\_here*</name></SSID>.
|
||||||
- For the WiFi CSP, you cannot use the Replace command unless the node already exists.
|
- For the WiFi CSP, you cannot use the Replace command unless the node already exists.
|
||||||
- Using Proxyis only supported in Windows 10 Mobile. Using this configuration in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) will result in failure.
|
- Using Proxyis only supported in Windows 10 Mobile. Using this configuration in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) will result in failure.
|
||||||
|
|
||||||
@ -41,10 +41,10 @@ Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is
|
|||||||
|
|
||||||
Supported operation is Get.
|
Supported operation is Get.
|
||||||
|
|
||||||
<a href="" id="-ssid-"></a>***<SSID>***
|
<a href="" id="-ssid-"></a>***<SSID>***
|
||||||
Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII. The SSID is added when the WlanXML node is added. When the SSID node is deleted, then all the subnodes are also deleted.
|
Specifies the name of the Wi-Fi network (32 bytes maximum) to create, configure, query, or delete. The name is case sensitive and can be represented in ASCII. The SSID is added when the WlanXML node is added. When the SSID node is deleted, then all the subnodes are also deleted.
|
||||||
|
|
||||||
SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, <LocURI>./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml</LocURI>.
|
SSID is the name of network you are connecting to, while Profile name is the name of the Profile which contains the WiFi settings information. If the Profile name is not set right in the MDM SyncML, as per the information in the WiFi settings XML, it could lead to some unexpected errors. For example, <LocURI>./Vendor/MSFT/WiFi/Profile/<*MUST BE NAME OF PROFILE AS PER WIFI XML*>/WlanXml</LocURI>.
|
||||||
|
|
||||||
The supported operations are Add, Get, Delete, and Replace.
|
The supported operations are Add, Get, Delete, and Replace.
|
||||||
|
|
||||||
@ -130,7 +130,7 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID 'MyNetwor
|
|||||||
<Meta>
|
<Meta>
|
||||||
<Format xmlns="syncml:metinf">chr</Format>
|
<Format xmlns="syncml:metinf">chr</Format>
|
||||||
</Meta>
|
</Meta>
|
||||||
<Data><?xml version="1.0"?><WLANProfile xmlns="http://contoso.com/networking/WLAN/profile/v1"><name>MyNetwork</name><SSIDConfig><SSID><hex>412D4D534654574C414E</hex><name>MyNetwork</name></SSID><nonBroadcast>false</nonBroadcast></SSIDConfig><connectionType>ESS</connectionType><connectionMode>manual</connectionMode><MSM><security><authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><OneX xmlns="http://contoso.com/networking/OneX/v1"><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://contoso.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://contoso.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://contoso.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://contoso.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://contoso.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://contoso.com/provisioning/EapHostConfig"><Eap xmlns="http://contoso.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://contoso.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://contoso.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation><AcceptServerName xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile> </Data>
|
<Data><?xml version="1.0"?><WLANProfile xmlns="http://contoso.com/networking/WLAN/profile/v1"><name>MyNetwork</name><SSIDConfig><SSID><hex>412D4D534654574C414E</hex><name>MyNetwork</name></SSID><nonBroadcast>false</nonBroadcast></SSIDConfig><connectionType>ESS</connectionType><connectionMode>manual</connectionMode><MSM><security><authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><OneX xmlns="http://contoso.com/networking/OneX/v1"><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://contoso.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://contoso.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://contoso.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://contoso.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://contoso.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://contoso.com/provisioning/EapHostConfig"><Eap xmlns="http://contoso.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://contoso.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://contoso.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV2">false</PerformServerValidation><AcceptServerName xmlns="http://contoso.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile> </Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Add>
|
</Add>
|
||||||
<Add>
|
<Add>
|
||||||
@ -215,7 +215,7 @@ The following example shows how to add PEAP-MSCHAPv2 network with SSID ‘MyNetw
|
|||||||
<Meta>
|
<Meta>
|
||||||
<Format xmlns="syncml:metinf">chr</Format>
|
<Format xmlns="syncml:metinf">chr</Format>
|
||||||
</Meta>
|
</Meta>
|
||||||
<Data><?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><name>MyNetwork</name><SSIDConfig><SSID><name>MyNetwork</name></SSID><nonBroadcast>false</nonBroadcast></SSIDConfig><connectionType>ESS</connectionType><connectionMode>manual</connectionMode><MSM><security><authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames><TrustedRootCA> InsertCertThumbPrintHere </TrustedRootCA></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile> </Data>
|
<Data><?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1"><name>MyNetwork</name><SSIDConfig><SSID><name>MyNetwork</name></SSID><nonBroadcast>false</nonBroadcast></SSIDConfig><connectionType>ESS</connectionType><connectionMode>manual</connectionMode><MSM><security><authEncryption><authentication>WPA2</authentication><encryption>AES</encryption><useOneX>true</useOneX></authEncryption><OneX xmlns="http://www.microsoft.com/networking/OneX/v1"><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">25</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>25</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV1"><ServerValidation><DisableUserPromptForServerValidation>true</DisableUserPromptForServerValidation><ServerNames></ServerNames><TrustedRootCA> InsertCertThumbPrintHere </TrustedRootCA></ServerValidation><FastReconnect>true</FastReconnect><InnerEapOptional>false</InnerEapOptional><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>false</UseWinLogonCredentials></EapType></Eap><EnableQuarantineChecks>false</EnableQuarantineChecks><RequireCryptoBinding>false</RequireCryptoBinding><PeapExtensions><PerformServerValidation xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">true</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/MsPeapConnectionPropertiesV2">false</AcceptServerName></PeapExtensions></EapType></Eap></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile> </Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Add>
|
</Add>
|
||||||
</Atomic>
|
</Atomic>
|
||||||
|
|||||||
@ -205,136 +205,136 @@ The following example shows an ADMX file in SyncML format:
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/ContosoCompanyApp/Policy/AppAdmxFile01</LocURI>
|
<LocURI>./Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/ContosoCompanyApp/Policy/AppAdmxFile01</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><policyDefinitions revision="1.0" schemaVersion="1.0">
|
<Data><policyDefinitions revision="1.0" schemaVersion="1.0">
|
||||||
<categories>
|
<categories>
|
||||||
<category name="ParentCategoryArea"/>
|
<category name="ParentCategoryArea"/>
|
||||||
<category name="Category1">
|
<category name="Category1">
|
||||||
<parentCategory ref="ParentCategoryArea" />
|
<parentCategory ref="ParentCategoryArea" />
|
||||||
</category>
|
</category>
|
||||||
<category name="Category2">
|
<category name="Category2">
|
||||||
<parentCategory ref="ParentCategoryArea" />
|
<parentCategory ref="ParentCategoryArea" />
|
||||||
</category>
|
</category>
|
||||||
<category name="Category3">
|
<category name="Category3">
|
||||||
<parentCategory ref="Category2" />
|
<parentCategory ref="Category2" />
|
||||||
</category>
|
</category>
|
||||||
</categories>
|
</categories>
|
||||||
<policies>
|
<policies>
|
||||||
<policy name="L_PolicyConfigurationMode" class="Machine" displayName="$(string.L_PolicyConfigurationMode)" explainText="$(string.L_ExplainText_ConfigurationMode)" presentation="$(presentation.L_PolicyConfigurationMode)" key="software\policies\contoso\companyApp" valueName="configurationmode">
|
<policy name="L_PolicyConfigurationMode" class="Machine" displayName="$(string.L_PolicyConfigurationMode)" explainText="$(string.L_ExplainText_ConfigurationMode)" presentation="$(presentation.L_PolicyConfigurationMode)" key="software\policies\contoso\companyApp" valueName="configurationmode">
|
||||||
<parentCategory ref="Category1" />
|
<parentCategory ref="Category1" />
|
||||||
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
||||||
<enabledValue>
|
<enabledValue>
|
||||||
<decimal value="1" />
|
<decimal value="1" />
|
||||||
</enabledValue>
|
</enabledValue>
|
||||||
<disabledValue>
|
<disabledValue>
|
||||||
<decimal value="0" />
|
<decimal value="0" />
|
||||||
</disabledValue>
|
</disabledValue>
|
||||||
<elements>
|
<elements>
|
||||||
<text id="L_ServerAddressInternal_VALUE" key="software\policies\contoso\companyApp" valueName="serveraddressinternal" required="true" />
|
<text id="L_ServerAddressInternal_VALUE" key="software\policies\contoso\companyApp" valueName="serveraddressinternal" required="true" />
|
||||||
<text id="L_ServerAddressExternal_VALUE" key="software\policies\contoso\companyApp" valueName="serveraddressexternal" required="true" />
|
<text id="L_ServerAddressExternal_VALUE" key="software\policies\contoso\companyApp" valueName="serveraddressexternal" required="true" />
|
||||||
</elements>
|
</elements>
|
||||||
</policy>
|
</policy>
|
||||||
<policy name="L_PolicyEnableSIPHighSecurityMode" class="Machine" displayName="$(string.L_PolicyEnableSIPHighSecurityMode)" explainText="$(string.L_ExplainText_EnableSIPHighSecurityMode)" presentation="$(presentation.L_PolicyEnableSIPHighSecurityMode)" key="software\policies\contoso\companyApp" valueName="enablesiphighsecuritymode">
|
<policy name="L_PolicyEnableSIPHighSecurityMode" class="Machine" displayName="$(string.L_PolicyEnableSIPHighSecurityMode)" explainText="$(string.L_ExplainText_EnableSIPHighSecurityMode)" presentation="$(presentation.L_PolicyEnableSIPHighSecurityMode)" key="software\policies\contoso\companyApp" valueName="enablesiphighsecuritymode">
|
||||||
<parentCategory ref="Category1" />
|
<parentCategory ref="Category1" />
|
||||||
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
||||||
<enabledValue>
|
<enabledValue>
|
||||||
<decimal value="1" />
|
<decimal value="1" />
|
||||||
</enabledValue>
|
</enabledValue>
|
||||||
<disabledValue>
|
<disabledValue>
|
||||||
<decimal value="0" />
|
<decimal value="0" />
|
||||||
</disabledValue>
|
</disabledValue>
|
||||||
</policy>
|
</policy>
|
||||||
<policy name="L_PolicySipCompression" class="Machine" displayName="$(string.L_PolicySipCompression)" explainText="$(string.L_ExplainText_SipCompression)" presentation="$(presentation.L_PolicySipCompression)" key="software\policies\contoso\companyApp">
|
<policy name="L_PolicySipCompression" class="Machine" displayName="$(string.L_PolicySipCompression)" explainText="$(string.L_ExplainText_SipCompression)" presentation="$(presentation.L_PolicySipCompression)" key="software\policies\contoso\companyApp">
|
||||||
<parentCategory ref="Category1" />
|
<parentCategory ref="Category1" />
|
||||||
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
||||||
<elements>
|
<elements>
|
||||||
<enum id="L_PolicySipCompression" valueName="sipcompression">
|
<enum id="L_PolicySipCompression" valueName="sipcompression">
|
||||||
<item displayName="$(string.L_SipCompressionVal0)">
|
<item displayName="$(string.L_SipCompressionVal0)">
|
||||||
<value>
|
<value>
|
||||||
<decimal value="0" />
|
<decimal value="0" />
|
||||||
</value>
|
</value>
|
||||||
</item>
|
</item>
|
||||||
<item displayName="$(string.L_SipCompressionVal1)">
|
<item displayName="$(string.L_SipCompressionVal1)">
|
||||||
<value>
|
<value>
|
||||||
<decimal value="1" />
|
<decimal value="1" />
|
||||||
</value>
|
</value>
|
||||||
</item>
|
</item>
|
||||||
<item displayName="$(string.L_SipCompressionVal2)">
|
<item displayName="$(string.L_SipCompressionVal2)">
|
||||||
<value>
|
<value>
|
||||||
<decimal value="2" />
|
<decimal value="2" />
|
||||||
</value>
|
</value>
|
||||||
</item>
|
</item>
|
||||||
<item displayName="$(string.L_SipCompressionVal3)">
|
<item displayName="$(string.L_SipCompressionVal3)">
|
||||||
<value>
|
<value>
|
||||||
<decimal value="3" />
|
<decimal value="3" />
|
||||||
</value>
|
</value>
|
||||||
</item>
|
</item>
|
||||||
</enum>
|
</enum>
|
||||||
</elements>
|
</elements>
|
||||||
</policy>
|
</policy>
|
||||||
<policy name="L_PolicyPreventRun" class="Machine" displayName="$(string.L_PolicyPreventRun)" explainText="$(string.L_ExplainText_PreventRun)" presentation="$(presentation.L_PolicyPreventRun)" key="software\policies\contoso\companyApp" valueName="preventrun">
|
<policy name="L_PolicyPreventRun" class="Machine" displayName="$(string.L_PolicyPreventRun)" explainText="$(string.L_ExplainText_PreventRun)" presentation="$(presentation.L_PolicyPreventRun)" key="software\policies\contoso\companyApp" valueName="preventrun">
|
||||||
<parentCategory ref="Category1" />
|
<parentCategory ref="Category1" />
|
||||||
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
||||||
<enabledValue>
|
<enabledValue>
|
||||||
<decimal value="1" />
|
<decimal value="1" />
|
||||||
</enabledValue>
|
</enabledValue>
|
||||||
<disabledValue>
|
<disabledValue>
|
||||||
<decimal value="0" />
|
<decimal value="0" />
|
||||||
</disabledValue>
|
</disabledValue>
|
||||||
</policy>
|
</policy>
|
||||||
<policy name="L_PolicyConfiguredServerCheckValues" class="Machine" displayName="$(string.L_PolicyConfiguredServerCheckValues)" explainText="$(string.L_ExplainText_ConfiguredServerCheckValues)" presentation="$(presentation.L_PolicyConfiguredServerCheckValues)" key="software\policies\contoso\companyApp">
|
<policy name="L_PolicyConfiguredServerCheckValues" class="Machine" displayName="$(string.L_PolicyConfiguredServerCheckValues)" explainText="$(string.L_ExplainText_ConfiguredServerCheckValues)" presentation="$(presentation.L_PolicyConfiguredServerCheckValues)" key="software\policies\contoso\companyApp">
|
||||||
<parentCategory ref="Category2" />
|
<parentCategory ref="Category2" />
|
||||||
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
||||||
<elements>
|
<elements>
|
||||||
<text id="L_ConfiguredServerCheckValues_VALUE" valueName="configuredservercheckvalues" required="true" />
|
<text id="L_ConfiguredServerCheckValues_VALUE" valueName="configuredservercheckvalues" required="true" />
|
||||||
</elements>
|
</elements>
|
||||||
</policy>
|
</policy>
|
||||||
<policy name="L_PolicySipCompression_1" class="User" displayName="$(string.L_PolicySipCompression)" explainText="$(string.L_ExplainText_SipCompression)" presentation="$(presentation.L_PolicySipCompression_1)" key="software\policies\contoso\companyApp">
|
<policy name="L_PolicySipCompression_1" class="User" displayName="$(string.L_PolicySipCompression)" explainText="$(string.L_ExplainText_SipCompression)" presentation="$(presentation.L_PolicySipCompression_1)" key="software\policies\contoso\companyApp">
|
||||||
<parentCategory ref="Category2" />
|
<parentCategory ref="Category2" />
|
||||||
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
||||||
<elements>
|
<elements>
|
||||||
<enum id="L_PolicySipCompression" valueName="sipcompression">
|
<enum id="L_PolicySipCompression" valueName="sipcompression">
|
||||||
<item displayName="$(string.L_SipCompressionVal0)">
|
<item displayName="$(string.L_SipCompressionVal0)">
|
||||||
<value>
|
<value>
|
||||||
<decimal value="0" />
|
<decimal value="0" />
|
||||||
</value>
|
</value>
|
||||||
</item>
|
</item>
|
||||||
<item displayName="$(string.L_SipCompressionVal1)">
|
<item displayName="$(string.L_SipCompressionVal1)">
|
||||||
<value>
|
<value>
|
||||||
<decimal value="1" />
|
<decimal value="1" />
|
||||||
</value>
|
</value>
|
||||||
</item>
|
</item>
|
||||||
<item displayName="$(string.L_SipCompressionVal2)">
|
<item displayName="$(string.L_SipCompressionVal2)">
|
||||||
<value>
|
<value>
|
||||||
<decimal value="2" />
|
<decimal value="2" />
|
||||||
</value>
|
</value>
|
||||||
</item>
|
</item>
|
||||||
<item displayName="$(string.L_SipCompressionVal3)">
|
<item displayName="$(string.L_SipCompressionVal3)">
|
||||||
<value>
|
<value>
|
||||||
<decimal value="3" />
|
<decimal value="3" />
|
||||||
</value>
|
</value>
|
||||||
</item>
|
</item>
|
||||||
</enum>
|
</enum>
|
||||||
</elements>
|
</elements>
|
||||||
</policy>
|
</policy>
|
||||||
<policy name="L_PolicyPreventRun_1" class="User" displayName="$(string.L_PolicyPreventRun)" explainText="$(string.L_ExplainText_PreventRun)" presentation="$(presentation.L_PolicyPreventRun_1)" key="software\policies\contoso\companyApp" valueName="preventrun">
|
<policy name="L_PolicyPreventRun_1" class="User" displayName="$(string.L_PolicyPreventRun)" explainText="$(string.L_ExplainText_PreventRun)" presentation="$(presentation.L_PolicyPreventRun_1)" key="software\policies\contoso\companyApp" valueName="preventrun">
|
||||||
<parentCategory ref="Category3" />
|
<parentCategory ref="Category3" />
|
||||||
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
||||||
<enabledValue>
|
<enabledValue>
|
||||||
<decimal value="1" />
|
<decimal value="1" />
|
||||||
</enabledValue>
|
</enabledValue>
|
||||||
<disabledValue>
|
<disabledValue>
|
||||||
<decimal value="0" />
|
<decimal value="0" />
|
||||||
</disabledValue>
|
</disabledValue>
|
||||||
</policy>
|
</policy>
|
||||||
<policy name="L_PolicyGalDownloadInitialDelay_1" class="User" displayName="$(string.L_PolicyGalDownloadInitialDelay)" explainText="$(string.L_ExplainText_GalDownloadInitialDelay)" presentation="$(presentation.L_PolicyGalDownloadInitialDelay_1)" key="software\policies\contoso\companyApp">
|
<policy name="L_PolicyGalDownloadInitialDelay_1" class="User" displayName="$(string.L_PolicyGalDownloadInitialDelay)" explainText="$(string.L_ExplainText_GalDownloadInitialDelay)" presentation="$(presentation.L_PolicyGalDownloadInitialDelay_1)" key="software\policies\contoso\companyApp">
|
||||||
<parentCategory ref="Category3" />
|
<parentCategory ref="Category3" />
|
||||||
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
<supportedOn ref="windows:SUPPORTED_Windows7" />
|
||||||
<elements>
|
<elements>
|
||||||
<decimal id="L_GalDownloadInitialDelay_VALUE" valueName="galdownloadinitialdelay" minValue="0" required="true" />
|
<decimal id="L_GalDownloadInitialDelay_VALUE" valueName="galdownloadinitialdelay" minValue="0" required="true" />
|
||||||
</elements>
|
</elements>
|
||||||
</policy>
|
</policy>
|
||||||
</policies>
|
</policies>
|
||||||
</policyDefinitions></Data>
|
</policyDefinitions></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Add>
|
</Add>
|
||||||
<Final/>
|
<Final/>
|
||||||
@ -423,7 +423,7 @@ The following examples describe how to set an ADMX-ingested app policy.
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/ContosoCompanyApp~ Policy~ParentCategoryArea~Category1/L_PolicyConfigurationMode</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/ContosoCompanyApp~ Policy~ParentCategoryArea~Category1/L_PolicyConfigurationMode</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><enabled/><data id="L_ServerAddressInternal_VALUE" value="TextValue1"/><data id="L_ServerAddressExternal_VALUE" value="TextValue2"/></Data>
|
<Data><enabled/><data id="L_ServerAddressInternal_VALUE" value="TextValue1"/><data id="L_ServerAddressExternal_VALUE" value="TextValue2"/></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
<Final/>
|
<Final/>
|
||||||
@ -457,7 +457,7 @@ The following examples describe how to set an ADMX-ingested app policy.
|
|||||||
<Target>
|
<Target>
|
||||||
<LocURI>./Device/Vendor/MSFT/Policy/Config/ContosoCompanyApp~ Policy~ParentCategoryArea~Category1/L_PolicyConfigurationMode</LocURI>
|
<LocURI>./Device/Vendor/MSFT/Policy/Config/ContosoCompanyApp~ Policy~ParentCategoryArea~Category1/L_PolicyConfigurationMode</LocURI>
|
||||||
</Target>
|
</Target>
|
||||||
<Data><disabled/></Data>
|
<Data><disabled/></Data>
|
||||||
</Item>
|
</Item>
|
||||||
</Replace>
|
</Replace>
|
||||||
<Final/>
|
<Final/>
|
||||||
|
|||||||
@ -65,7 +65,7 @@ To perform a "wipe and persist" reset, preserving the provisioning applied to th
|
|||||||
## Reset using the UI
|
## Reset using the UI
|
||||||
|
|
||||||
|
|
||||||
1. On your mobile device, go to **Settings** > **System** > **About** > **Reset your Phone**
|
1. On your mobile device, go to **Settings** > **System** > **About** > **Reset your Phone**
|
||||||
|
|
||||||
2. When you tap **Reset your phone**, the dialog box will present an option to **Also remove provisioned content** if:
|
2. When you tap **Reset your phone**, the dialog box will present an option to **Also remove provisioned content** if:
|
||||||
|
|
||||||
|
|||||||
@ -32,54 +32,54 @@ $nameSpaceName="root\cimv2\mdm\dmmap"
|
|||||||
$className="MDM_AssignedAccess"
|
$className="MDM_AssignedAccess"
|
||||||
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
|
$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
|
||||||
$obj.Configuration = @"
|
$obj.Configuration = @"
|
||||||
<?xml version="1.0" encoding="utf-8" ?>
|
<?xml version="1.0" encoding="utf-8" ?>
|
||||||
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
|
<AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
|
||||||
<Profiles>
|
<Profiles>
|
||||||
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
|
<Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
|
||||||
<AllAppsList>
|
<AllAppsList>
|
||||||
<AllowedApps>
|
<AllowedApps>
|
||||||
<App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
|
<App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
|
||||||
<App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
|
<App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
|
||||||
<App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
|
<App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
|
||||||
<App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
|
<App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
|
||||||
<App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
|
<App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
|
||||||
<App DesktopAppPath="%windir%\system32\mspaint.exe" />
|
<App DesktopAppPath="%windir%\system32\mspaint.exe" />
|
||||||
<App DesktopAppPath="C:\Windows\System32\notepad.exe" />
|
<App DesktopAppPath="C:\Windows\System32\notepad.exe" />
|
||||||
</AllowedApps>
|
</AllowedApps>
|
||||||
</AllAppsList>
|
</AllAppsList>
|
||||||
<StartLayout>
|
<StartLayout>
|
||||||
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
|
<![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout" xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1" xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
|
||||||
<LayoutOptions StartTileGroupCellWidth="6" />
|
<LayoutOptions StartTileGroupCellWidth="6" />
|
||||||
<DefaultLayoutOverride>
|
<DefaultLayoutOverride>
|
||||||
<StartLayoutCollection>
|
<StartLayoutCollection>
|
||||||
<defaultlayout:StartLayout GroupCellWidth="6">
|
<defaultlayout:StartLayout GroupCellWidth="6">
|
||||||
<start:Group Name="Group1">
|
<start:Group Name="Group1">
|
||||||
<start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
|
<start:Tile Size="4x4" Column="0" Row="0" AppUserModelID="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" />
|
||||||
<start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
|
<start:Tile Size="2x2" Column="4" Row="2" AppUserModelID="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" />
|
||||||
<start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
|
<start:Tile Size="2x2" Column="4" Row="0" AppUserModelID="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
|
||||||
<start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
|
<start:Tile Size="2x2" Column="4" Row="4" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
|
||||||
<start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
|
<start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
|
||||||
</start:Group>
|
</start:Group>
|
||||||
<start:Group Name="Group2">
|
<start:Group Name="Group2">
|
||||||
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
|
<start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%ALLUSERSPROFILE%\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk" />
|
||||||
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />
|
<start:DesktopApplicationTile Size="2x2" Column="0" Row="0" DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk" />
|
||||||
</start:Group>
|
</start:Group>
|
||||||
</defaultlayout:StartLayout>
|
</defaultlayout:StartLayout>
|
||||||
</StartLayoutCollection>
|
</StartLayoutCollection>
|
||||||
</DefaultLayoutOverride>
|
</DefaultLayoutOverride>
|
||||||
</LayoutModificationTemplate>
|
</LayoutModificationTemplate>
|
||||||
]]>
|
]]>
|
||||||
</StartLayout>
|
</StartLayout>
|
||||||
<Taskbar ShowTaskbar="true"/>
|
<Taskbar ShowTaskbar="true"/>
|
||||||
</Profile>
|
</Profile>
|
||||||
</Profiles>
|
</Profiles>
|
||||||
<Configs>
|
<Configs>
|
||||||
<Config>
|
<Config>
|
||||||
<Account>MultiAppKioskUser</Account>
|
<Account>MultiAppKioskUser</Account>
|
||||||
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
|
<DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
|
||||||
</Config>
|
</Config>
|
||||||
</Configs>
|
</Configs>
|
||||||
</AssignedAccessConfiguration>
|
</AssignedAccessConfiguration>
|
||||||
"@
|
"@
|
||||||
|
|
||||||
Set-CimInstance -CimInstance $obj
|
Set-CimInstance -CimInstance $obj
|
||||||
|
|||||||
@ -65,86 +65,86 @@ Here are a few examples of responses from the Reporting CSP.
|
|||||||
|
|
||||||
#### File ownership on a file is changed from work to personal
|
#### File ownership on a file is changed from work to personal
|
||||||
```
|
```
|
||||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||||
<Log ProviderType="EDPAudit" LogType="ProtectionRemoved" TimeStamp="131357166318347527">
|
<Log ProviderType="EDPAudit" LogType="ProtectionRemoved" TimeStamp="131357166318347527">
|
||||||
<Policy>Protection removed</Policy>
|
<Policy>Protection removed</Policy>
|
||||||
<Justification>NULL</Justification>
|
<Justification>NULL</Justification>
|
||||||
<FilePath>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</FilePath>
|
<FilePath>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</FilePath>
|
||||||
</Log>
|
</Log>
|
||||||
</User>
|
</User>
|
||||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||||
```
|
```
|
||||||
|
|
||||||
#### A work file is uploaded to a personal webpage in Edge
|
#### A work file is uploaded to a personal webpage in Edge
|
||||||
```
|
```
|
||||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||||
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357192409318534">
|
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357192409318534">
|
||||||
<Policy>CopyPaste</Policy>
|
<Policy>CopyPaste</Policy>
|
||||||
<Justification>NULL</Justification>
|
<Justification>NULL</Justification>
|
||||||
<SourceApplicationName>NULL</SourceApplicationName>
|
<SourceApplicationName>NULL</SourceApplicationName>
|
||||||
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
||||||
<DestinationApplicationName>mail.contoso.com</DestinationApplicationName>
|
<DestinationApplicationName>mail.contoso.com</DestinationApplicationName>
|
||||||
<DataInfo>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</DataInfo>
|
<DataInfo>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</DataInfo>
|
||||||
</Log>
|
</Log>
|
||||||
</User>
|
</User>
|
||||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Work data is pasted into a personal webpage
|
#### Work data is pasted into a personal webpage
|
||||||
```
|
```
|
||||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||||
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357193734179782">
|
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357193734179782">
|
||||||
<Policy>CopyPaste</Policy>
|
<Policy>CopyPaste</Policy>
|
||||||
<Justification>NULL</Justification>
|
<Justification>NULL</Justification>
|
||||||
<SourceApplicationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT OFFICE 2016\WINWORD.EXE\16.0.8027.1000</SourceApplicationName>
|
<SourceApplicationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT OFFICE 2016\WINWORD.EXE\16.0.8027.1000</SourceApplicationName>
|
||||||
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
||||||
<DestinationApplicationName>mail.contoso.com</DestinationApplicationName>
|
<DestinationApplicationName>mail.contoso.com</DestinationApplicationName>
|
||||||
<DataInfo>EnterpriseDataProtectionId|Object Descriptor|Rich Text Format|HTML Format|AnsiText|Text|EnhancedMetafile|Embed Source|Link Source|Link Source Descriptor|ObjectLink|Hyperlink</DataInfo>
|
<DataInfo>EnterpriseDataProtectionId|Object Descriptor|Rich Text Format|HTML Format|AnsiText|Text|EnhancedMetafile|Embed Source|Link Source|Link Source Descriptor|ObjectLink|Hyperlink</DataInfo>
|
||||||
</Log>
|
</Log>
|
||||||
</User>
|
</User>
|
||||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||||
```
|
```
|
||||||
|
|
||||||
#### A work file is opened with a personal application
|
#### A work file is opened with a personal application
|
||||||
```
|
```
|
||||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||||
<Log ProviderType="EDPAudit" LogType="ApplicationGenerated" TimeStamp="131357194991209469">
|
<Log ProviderType="EDPAudit" LogType="ApplicationGenerated" TimeStamp="131357194991209469">
|
||||||
<Policy>NULL</Policy>
|
<Policy>NULL</Policy>
|
||||||
<Justification></Justification>
|
<Justification></Justification>
|
||||||
<Object>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</Object>
|
<Object>C:\Users\TestUser\Desktop\tmp\demo\Work document.docx</Object>
|
||||||
<Action>1</Action>
|
<Action>1</Action>
|
||||||
<SourceName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</SourceName>
|
<SourceName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</SourceName>
|
||||||
<DestinationEnterpriseID>Personal</DestinationEnterpriseID>
|
<DestinationEnterpriseID>Personal</DestinationEnterpriseID>
|
||||||
<DestinationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</DestinationName>
|
<DestinationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</DestinationName>
|
||||||
<Application>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</Application>
|
<Application>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT® WINDOWS® OPERATING SYSTEM\WORDPAD.EXE\10.0.15063.2</Application>
|
||||||
</Log>
|
</Log>
|
||||||
</User>
|
</User>
|
||||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||||
```
|
```
|
||||||
|
|
||||||
#### Work data is pasted into a personal application
|
#### Work data is pasted into a personal application
|
||||||
```
|
```
|
||||||
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
<SyncML><SyncHdr/><SyncBody><Status><CmdID>1</CmdID><MsgRef>1</MsgRef><CmdRef>0</CmdRef><Cmd>SyncHdr</Cmd><Data>200</Data></Status><Status><CmdID>2</CmdID><MsgRef>1</MsgRef><CmdRef>2</CmdRef><Cmd>Replace</Cmd><Data>200</Data></Status><Status><CmdID>3</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Cmd>Get</Cmd><Data>200</Data></Status><Results><CmdID>4</CmdID><MsgRef>1</MsgRef><CmdRef>4</CmdRef><Item><Source><LocURI>./Vendor/MSFT/Reporting/EnterpriseDataProtection/RetrieveByTimeRange/Logs</LocURI></Source><Meta><Format xmlns="syncml:metinf">xml</Format></Meta><Data><?xml version="1.0" encoding="utf-8"?>
|
||||||
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
<Reporting Version="com.contoso/2.0/MDM/Reporting">
|
||||||
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
<User UserID="S-1-12-1-1111111111-1111111111-1111111111-1111111111" EnterpriseID="corp.contoso.com">
|
||||||
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357196076537270">
|
<Log ProviderType="EDPAudit" LogType="DataCopied" TimeStamp="131357196076537270">
|
||||||
<Policy>CopyPaste</Policy>
|
<Policy>CopyPaste</Policy>
|
||||||
<Justification>NULL</Justification>
|
<Justification>NULL</Justification>
|
||||||
<SourceApplicationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT OFFICE 2016\WINWORD.EXE\16.0.8027.1000</SourceApplicationName>
|
<SourceApplicationName>O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US\MICROSOFT OFFICE 2016\WINWORD.EXE\16.0.8027.1000</SourceApplicationName>
|
||||||
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
<DestinationEnterpriseID>NULL</DestinationEnterpriseID>
|
||||||
<DestinationApplicationName></DestinationApplicationName>
|
<DestinationApplicationName></DestinationApplicationName>
|
||||||
<DataInfo>EnterpriseDataProtectionId|Object Descriptor|Rich Text Format|HTML Format|AnsiText|Text|EnhancedMetafile|Embed Source|Link Source|Link Source Descriptor|ObjectLink|Hyperlink</DataInfo>
|
<DataInfo>EnterpriseDataProtectionId|Object Descriptor|Rich Text Format|HTML Format|AnsiText|Text|EnhancedMetafile|Embed Source|Link Source|Link Source Descriptor|ObjectLink|Hyperlink</DataInfo>
|
||||||
</Log>
|
</Log>
|
||||||
</User>
|
</User>
|
||||||
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
</Reporting></Data></Item></Results><Final/></SyncBody></SyncML>
|
||||||
```
|
```
|
||||||
|
|
||||||
## Collect WIP audit logs by using Windows Event Forwarding (for Windows desktop domain-joined devices only)
|
## Collect WIP audit logs by using Windows Event Forwarding (for Windows desktop domain-joined devices only)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user