diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 2bc6d2300d..651e786236 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -1,7 +1,7 @@
---
title: PassportForWork CSP
description: Learn more about the PassportForWork CSP.
-ms.date: 03/12/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -1284,8 +1284,8 @@ Enhanced Sign-in Security (ESS) isolates both biometric template data and matchi
| Value | Description |
|:--|:--|
-| 0 | ESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of peripheral Windows Hello capable devices will be allowed, subject to current feature limitations. In addition, with this setting, ESS will be enabled on devices with a mixture of biometric devices, such as an ESS capable FPR and a non-ESS capable camera. (not recommended). |
-| 1 (Default) | ESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of any peripheral biometric device will be blocked and not available for Windows Hello. (default and recommended for highest security). |
+| 0 | ESS will be disabled on systems with capable software and hardware. Authentication operations of peripheral Windows Hello capable devices will be allowed, subject to current feature limitations. |
+| 1 (Default) | ESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of any peripheral biometric device will be blocked and not available for Windows Hello. |
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index a40108a1d3..94763f451e 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -1,7 +1,7 @@
---
title: PassportForWork DDF file
description: View the XML file containing the device description framework (DDF) for the PassportForWork configuration service provider.
-ms.date: 02/13/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -1579,11 +1579,11 @@ Note that enhanced anti-spoofing for Windows Hello face authentication is not re
0
- ESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of peripheral Windows Hello capable devices will be allowed, subject to current feature limitations. In addition, with this setting, ESS will be enabled on devices with a mixture of biometric devices, such as an ESS capable FPR and a non-ESS capable camera. (not recommended)
+ ESS will be disabled on systems with capable software and hardware. Authentication operations of peripheral Windows Hello capable devices will be allowed, subject to current feature limitations.
1
- ESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of any peripheral biometric device will be blocked and not available for Windows Hello. (default and recommended for highest security)
+ ESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of any peripheral biometric device will be blocked and not available for Windows Hello.
diff --git a/windows/client-management/mdm/policies-in-preview.md b/windows/client-management/mdm/policies-in-preview.md
index 9be89eb1f4..e7a1b732c0 100644
--- a/windows/client-management/mdm/policies-in-preview.md
+++ b/windows/client-management/mdm/policies-in-preview.md
@@ -1,7 +1,7 @@
---
title: Configuration service provider preview policies
description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview.
-ms.date: 04/21/2025
+ms.date: 05/02/2025
ms.topic: generated-reference
---
@@ -86,6 +86,7 @@ This article lists the policies that are applicable for Windows Insider Preview
- [EnableDevDrive](policy-csp-filesystem.md#enabledevdrive)
- [DevDriveAttachPolicy](policy-csp-filesystem.md#devdriveattachpolicy)
+- [ClfsAuthenticationChecking](policy-csp-filesystem.md#clfsauthenticationchecking)
## HealthAttestation CSP
@@ -135,6 +136,8 @@ This article lists the policies that are applicable for Windows Insider Preview
## LocalPoliciesSecurityOptions
- [InteractiveLogon_NumberOfPreviousLogonsToCache](policy-csp-localpoliciessecurityoptions.md#interactivelogon_numberofpreviouslogonstocache)
+- [NetworkAccess_RemotelyAccessibleRegistryPaths](policy-csp-localpoliciessecurityoptions.md#networkaccess_remotelyaccessibleregistrypaths)
+- [NetworkAccess_RemotelyAccessibleRegistryPathsAndSubpaths](policy-csp-localpoliciessecurityoptions.md#networkaccess_remotelyaccessibleregistrypathsandsubpaths)
- [UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection](policy-csp-localpoliciessecurityoptions.md#useraccountcontrol_behavioroftheelevationpromptforadministratorprotection)
- [UserAccountControl_TypeOfAdminApprovalMode](policy-csp-localpoliciessecurityoptions.md#useraccountcontrol_typeofadminapprovalmode)
@@ -179,7 +182,7 @@ This article lists the policies that are applicable for Windows Insider Preview
## SettingsSync
-- [EnableWindowsbackup](policy-csp-settingssync.md#enablewindowsbackup)
+- [EnableWindowsBackup](policy-csp-settingssync.md#enablewindowsbackup)
## Start
@@ -220,6 +223,10 @@ This article lists the policies that are applicable for Windows Insider Preview
- [DisableGenerativeFill](policy-csp-windowsai.md#disablegenerativefill)
- [AllowRecallEnablement](policy-csp-windowsai.md#allowrecallenablement)
+## WindowsBackupAndRestore CSP
+
+- [EnableWindowsRestore](windowsbackupandrestore-csp.md#enablewindowsrestore)
+
## WindowsLicensing CSP
- [SubscriptionType](windowslicensing-csp.md#subscriptionssubscriptiontype)
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 9fc3c22b95..50b70af65a 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -1,7 +1,7 @@
---
title: DeviceLock Policy CSP
description: Learn more about the DeviceLock Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -24,7 +24,7 @@ ms.topic: generated-reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -63,7 +63,7 @@ Account lockout threshold - This security setting determines the number of faile
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -328,7 +328,7 @@ Determines the type of PIN or password required. This policy only applies if the
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -684,7 +684,7 @@ The number of authentication failures allowed before the device will be wiped. A
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1024,7 +1024,7 @@ This security setting determines the period of time (in days) that a password mu
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1077,7 +1077,7 @@ This security setting determines the least number of characters that a password
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1127,7 +1127,7 @@ This security setting determines the minimum password length for which password
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1187,7 +1187,7 @@ Complexity requirements are enforced when passwords are changed or created.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1359,7 +1359,7 @@ If you enable this setting, users will no longer be able to modify slide show se
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index fef26a3307..eaaee22550 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -1,7 +1,7 @@
---
title: Display Policy CSP
description: Learn more about the Display Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -22,10 +22,14 @@ ms.topic: generated-reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+```User
+./User/Vendor/MSFT/Policy/Config/Display/ConfigureMultipleDisplayMode
+```
+
```Device
./Device/Vendor/MSFT/Policy/Config/Display/ConfigureMultipleDisplayMode
```
@@ -33,7 +37,7 @@ ms.topic: generated-reference
-This policy sets the default display arrangement to pick between clone or extend.
+Set the default display arrangement as clone, extend, internalOnly, externalOnly or default Windows Settings.
@@ -47,7 +51,7 @@ This policy sets the default display arrangement to pick between clone or extend
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
-| Default Value | 1 |
+| Default Value | 0 |
@@ -55,9 +59,11 @@ This policy sets the default display arrangement to pick between clone or extend
| Value | Description |
|:--|:--|
-| 0 | Default. |
-| 1 (Default) | Clone. |
-| 2 | Extend. |
+| 0 (Default) | Default. |
+| 1 | Internal Only. |
+| 2 | External Only. |
+| 3 | Clone. |
+| 4 | Extend. |
@@ -305,10 +311,14 @@ Enabling this setting lets you specify the system-wide default for desktop appli
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+```User
+./User/Vendor/MSFT/Policy/Config/Display/SetClonePreferredResolutionSource
+```
+
```Device
./Device/Vendor/MSFT/Policy/Config/Display/SetClonePreferredResolutionSource
```
@@ -316,7 +326,7 @@ Enabling this setting lets you specify the system-wide default for desktop appli
-This policy sets the cloned monitor preferred resolution source to an internal or external monitor by default.
+Set the cloned monitor preferred resolution source as internal or external monitor or set to default.
@@ -330,7 +340,7 @@ This policy sets the cloned monitor preferred resolution source to an internal o
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
-| Default Value | 1 |
+| Default Value | 0 |
@@ -338,8 +348,8 @@ This policy sets the cloned monitor preferred resolution source to an internal o
| Value | Description |
|:--|:--|
-| 0 | Default. |
-| 1 (Default) | Internal. |
+| 0 (Default) | Default. |
+| 1 | Internal. |
| 2 | External. |
diff --git a/windows/client-management/mdm/policy-csp-filesystem.md b/windows/client-management/mdm/policy-csp-filesystem.md
index 79f4e79033..6113c617a1 100644
--- a/windows/client-management/mdm/policy-csp-filesystem.md
+++ b/windows/client-management/mdm/policy-csp-filesystem.md
@@ -1,7 +1,7 @@
---
title: FileSystem Policy CSP
description: Learn more about the FileSystem Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 05/06/2025
ms.topic: generated-reference
---
@@ -18,6 +18,56 @@ ms.topic: generated-reference
+
+## ClfsAuthenticationChecking
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/Policy/Config/FileSystem/ClfsAuthenticationChecking
+```
+
+
+
+
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `chr` (string) |
+| Access Type | Add, Delete, Get, Replace |
+
+
+
+
+[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
+
+**ADMX mapping**:
+
+| Name | Value |
+|:--|:--|
+| Name | ClfsAuthenticationChecking |
+| ADMX File Name | FileSys.admx |
+
+
+
+
+
+
+
+
## DevDriveAttachPolicy
@@ -95,7 +145,7 @@ Dev drive or developer volume is a volume optimized for performance of developer
Disabling this setting will disallow creation of new developer volumes, existing developer volumes will mount as regular volumes.
-If this setting isn't configured the default policy is to enable developer volumes while allowing antivirus filter to attach on a deveveloper volume. Further, if not configured, a local administrator can choose to not have antivirus filter attached to a developer volume.
+If this setting isn't configured the default policy is to enable developer volumes while allowing antivirus filter to attach on a developer volume. Further, if not configured, a local administrator can choose to not have antivirus filter attached to a developer volume.
A reboot is required for this setting to take effect.
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index 9c5d66ece3..721b0c112a 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,7 +1,7 @@
---
title: LocalPoliciesSecurityOptions Policy CSP
description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -361,7 +361,7 @@ Accounts: Rename guest account This security setting determines whether a differ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -422,7 +422,7 @@ Audit: Audit the use of Backup and Restore privilege This security setting deter
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -463,7 +463,7 @@ Audit: Force audit policy subcategory settings (Windows Vista or later) to overr
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -736,7 +736,7 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -789,7 +789,7 @@ Devices: Restrict floppy access to locally logged-on user only This security set
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -843,7 +843,7 @@ Domain member: Digitally encrypt or sign secure channel data (always) This secur
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -896,7 +896,7 @@ Domain member: Digitally encrypt secure channel data (when possible) This securi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -946,7 +946,7 @@ Domain member: Digitally sign secure channel data (when possible) This security
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1000,7 +1000,7 @@ Domain member: Disable machine account password changes Determines whether a dom
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1053,7 +1053,7 @@ Domain member: Maximum machine account password age This security setting determ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1353,7 +1353,7 @@ Interactive logon: Don't require CTRL+ALT+DEL This security setting determines w
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1557,7 +1557,7 @@ Interactive logon: Message title for users attempting to log on This security se
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 with [KB5052093](https://support.microsoft.com/help/5052093) [10.0.26100.3323] and later
✅ Windows Insider Preview |
@@ -1599,7 +1599,7 @@ Interactive logon: Number of previous logons to cache (in case domain controller
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1888,7 +1888,7 @@ Microsoft network client: Send unencrypted password to connect to third-party SM
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2071,7 +2071,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2114,7 +2114,7 @@ Microsoft network server: Disconnect clients when logon hours expire This securi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2155,7 +2155,7 @@ Microsoft network server: Server SPN target name validation level This policy se
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2336,7 +2336,7 @@ Network access: Don't allow anonymous enumeration of SAM accounts and shares Thi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2384,7 +2384,7 @@ Network access: Don't allow storage of passwords and credentials for network aut
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2436,7 +2436,7 @@ Network access: Let Everyone permissions apply to anonymous users This security
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2476,7 +2476,7 @@ Network access: Named pipes that can be accessed anonymously This security setti
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 with [KB5053656](https://support.microsoft.com/help/5053656) [10.0.26100.3624] and later
✅ Windows Insider Preview |
@@ -2519,7 +2519,7 @@ Network access: Remotely accessible registry paths This security setting determi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 with [KB5053656](https://support.microsoft.com/help/5053656) [10.0.26100.3624] and later
✅ Windows Insider Preview |
@@ -2668,7 +2668,7 @@ Network access: Restrict clients allowed to make remote calls to SAM This policy
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2708,7 +2708,7 @@ Network access: Shares that can be accessed anonymously This security setting de
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2752,7 +2752,7 @@ Network access: Sharing and security model for local accounts This security sett
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2982,7 +2982,7 @@ Network security: Don't store LAN Manager hash value on next password change Thi
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3107,7 +3107,7 @@ Network security LAN Manager authentication level This security setting determin
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3513,7 +3513,7 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This po
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3563,7 +3563,7 @@ Recovery console: Allow automatic administrative logon This security setting det
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3720,7 +3720,7 @@ Shutdown: Clear virtual memory pagefile This security setting determines whether
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3761,7 +3761,7 @@ System Cryptography: Force strong key protection for user keys stored on the com
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -3811,7 +3811,7 @@ System objects: Require case insensitivity for non-Windows subsystems This secur
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index 04b7621dc4..2e2b488259 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -1,7 +1,7 @@
---
title: MSSecurityGuide Policy CSP
description: Learn more about the MSSecurityGuide Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -222,7 +222,7 @@ ms.topic: generated-reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index 952086c203..cbfe6f3b95 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -1,7 +1,7 @@
---
title: NetworkListManager Policy CSP
description: Learn more about the NetworkListManager Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -20,7 +20,7 @@ ms.topic: generated-reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -69,7 +69,7 @@ This policy setting allows you to specify whether users can change the network i
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -118,7 +118,7 @@ This policy setting allows you to specify whether users can change the network l
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -261,7 +261,7 @@ This policy setting provides the string that names a network. If this setting is
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -310,7 +310,7 @@ This policy setting allows you to configure the Network Location for networks th
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -359,7 +359,7 @@ This policy setting allows you to configure the Network Location type for networ
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-settingssync.md b/windows/client-management/mdm/policy-csp-settingssync.md
index 65cf2fbf33..bd3593ba89 100644
--- a/windows/client-management/mdm/policy-csp-settingssync.md
+++ b/windows/client-management/mdm/policy-csp-settingssync.md
@@ -1,7 +1,7 @@
---
title: SettingsSync Policy CSP
description: Learn more about the SettingsSync Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -140,39 +140,39 @@ If you don't set or disable this setting, syncing of the "language preferences"
-
-## EnableWindowsbackup
+
+## EnableWindowsBackup
-
+
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
-
+
-
+
```Device
-./Device/Vendor/MSFT/Policy/Config/SettingsSync/EnableWindowsbackup
+./Device/Vendor/MSFT/Policy/Config/SettingsSync/EnableWindowsBackup
```
-
+
-
+
-
+
-
+
-
+
-
+
**Description framework properties**:
| Property name | Property value |
|:--|:--|
| Format | `chr` (string) |
| Access Type | Add, Delete, Get, Replace |
-
+
-
+
[!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
@@ -180,15 +180,15 @@ If you don't set or disable this setting, syncing of the "language preferences"
| Name | Value |
|:--|:--|
-| Name | EnableWindowsbackup |
+| Name | EnableWindowsBackup |
| ADMX File Name | SettingSync.admx |
-
+
-
+
-
+
-
+
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index 4a1ac1541c..dd77b65a34 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -1,7 +1,7 @@
---
title: SystemServices Policy CSP
description: Learn more about the SystemServices Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -20,7 +20,7 @@ ms.topic: generated-reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -170,7 +170,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -220,7 +220,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -270,7 +270,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -320,7 +320,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -370,7 +370,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -420,7 +420,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -470,7 +470,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -520,7 +520,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -570,7 +570,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -620,7 +620,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -670,7 +670,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -720,7 +720,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -770,7 +770,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -820,7 +820,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -870,7 +870,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index e5c1efb17d..710e7c41a9 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -1,7 +1,7 @@
---
title: UserRights Policy CSP
description: Learn more about the UserRights Area in Policy CSP.
-ms.date: 03/12/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -257,7 +257,7 @@ This user right allows a process to impersonate any user without authentication.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -366,7 +366,7 @@ This user right determines which users can log on to the computer.
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -467,7 +467,7 @@ This user right determines which users can bypass file, directory, registry, and
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -582,7 +582,7 @@ This user right determines which users and groups can change the time and date o
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1058,7 +1058,7 @@ This security setting determines which service accounts are prevented from regis
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1590,7 +1590,7 @@ This user right determines which accounts can use a process to keep data in phys
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1639,7 +1639,7 @@ This security setting allows a user to be logged-on by means of a batch-queue fa
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -1936,7 +1936,7 @@ This user right determines which users can use performance monitoring tools to m
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2034,7 +2034,7 @@ This user right determines which users are allowed to shut down a computer from
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
@@ -2143,7 +2143,7 @@ This user right determines which users can bypass file, directory, registry, and
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 with [KB5053657](https://support.microsoft.com/help/5053657) [10.0.22621.5126] and later
✅ Windows 11, version 24H2 [10.0.26100] and later |
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index a8007969a9..6f59fee325 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -1,7 +1,7 @@
---
title: WindowsAI Policy CSP
description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 03/27/2025
+ms.date: 05/02/2025
ms.topic: generated-reference
---
@@ -22,7 +22,7 @@ ms.topic: generated-reference
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5052093](https://support.microsoft.com/help/5052093) [10.0.26100.3323] and later
✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5055627](https://support.microsoft.com/help/5055627) [10.0.26100.3915] and later
✅ Windows Insider Preview |
@@ -91,7 +91,7 @@ This policy setting allows you to determine whether the Recall optional componen
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5052093](https://support.microsoft.com/help/5052093) [10.0.26100.3323] and later
✅ Windows Insider Preview |
+| ✅ Device
✅ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5055627](https://support.microsoft.com/help/5055627) [10.0.26100.3915] and later
✅ Windows Insider Preview |
@@ -193,7 +193,7 @@ Click to Do lets people take action on content on their screens. When activated,
|:--|:--|
| Format | `int` |
| Access Type | Add, Delete, Get, Replace |
-| Default Value | 1 |
+| Default Value | 0 |
@@ -201,8 +201,8 @@ Click to Do lets people take action on content on their screens. When activated,
| Value | Description |
|:--|:--|
-| 0 | Click to Do is enabled. |
-| 1 (Default) | Click to Do is disabled. |
+| 0 (Default) | Click to Do is enabled. |
+| 1 | Click to Do is disabled. |
@@ -226,7 +226,7 @@ Click to Do lets people take action on content on their screens. When activated,
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.4870] and later
✅ Windows 11, version 24H2 [10.0.26100.3360] and later
✅ Windows Insider Preview |
@@ -288,7 +288,7 @@ This policy setting allows you to control whether Cocreator functionality is dis
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.4870] and later
✅ Windows 11, version 24H2 [10.0.26100.3360] and later
✅ Windows Insider Preview |
@@ -350,7 +350,7 @@ This policy setting allows you to control whether generative fill functionality
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
❌ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.4870] and later
✅ Windows 11, version 24H2 [10.0.26100.3360] and later
✅ Windows Insider Preview |
@@ -469,7 +469,7 @@ The property value is the Application User Model ID (AUMID) for the target appli
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5052093](https://support.microsoft.com/help/5052093) [10.0.26100.3323] and later
✅ Windows Insider Preview |
+| ✅ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5055627](https://support.microsoft.com/help/5055627) [10.0.26100.3915] and later
✅ Windows Insider Preview |
@@ -538,7 +538,7 @@ For example: `code.exe;Microsoft.WindowsNotepad_8wekyb3d8bbwe!App;ms-teams.exe`
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5052093](https://support.microsoft.com/help/5052093) [10.0.26100.3323] and later
✅ Windows Insider Preview |
+| ✅ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5055627](https://support.microsoft.com/help/5055627) [10.0.26100.3915] and later
✅ Windows Insider Preview |
@@ -603,7 +603,7 @@ Adding `https://www.WoodgroveBank.com` to the list would also filter `https://Ac
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5052093](https://support.microsoft.com/help/5052093) [10.0.26100.3323] and later
✅ Windows Insider Preview |
+| ✅ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5055627](https://support.microsoft.com/help/5055627) [10.0.26100.3915] and later
✅ Windows Insider Preview |
@@ -679,7 +679,7 @@ Snapshots aren't deleted until the maximum storage allocation for Recall is reac
| Scope | Editions | Applicable OS |
|:--|:--|:--|
-| ✅ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5052093](https://support.microsoft.com/help/5052093) [10.0.26100.3323] and later
✅ Windows Insider Preview |
+| ✅ Device
✅ User | ❌ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 with [KB5055627](https://support.microsoft.com/help/5055627) [10.0.26100.3915] and later
✅ Windows Insider Preview |
@@ -832,4 +832,4 @@ This policy setting allows you to turn off Windows Copilot.
## Related articles
-[Policy configuration service provider](policy-configuration-service-provider.md)
\ No newline at end of file
+[Policy configuration service provider](policy-configuration-service-provider.md)
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 51966229d9..68a08b226b 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -986,6 +986,11 @@ items:
items:
- name: WindowsAutopilot DDF file
href: windowsautopilot-ddf-file.md
+ - name: WindowsBackupAndRestore
+ href: windowsbackupandrestore-csp.md
+ items:
+ - name: WindowsBackupAndRestore DDF file
+ href: windowsbackupandrestore-ddf-file.md
- name: WindowsDefenderApplicationGuard
href: windowsdefenderapplicationguard-csp.md
items:
diff --git a/windows/client-management/mdm/windowsbackupandrestore-csp.md b/windows/client-management/mdm/windowsbackupandrestore-csp.md
new file mode 100644
index 0000000000..159f7d68e6
--- /dev/null
+++ b/windows/client-management/mdm/windowsbackupandrestore-csp.md
@@ -0,0 +1,83 @@
+---
+title: WindowsBackupAndRestore CSP
+description: Learn more about the WindowsBackupAndRestore CSP.
+ms.date: 04/30/2025
+ms.topic: generated-reference
+---
+
+
+
+
+# WindowsBackupAndRestore CSP
+
+[!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
+
+
+
+
+
+
+The following list shows the WindowsBackupAndRestore configuration service provider nodes:
+
+- ./Device/Vendor/MSFT/WindowsBackupAndRestore
+ - [EnableWindowsRestore](#enablewindowsrestore)
+
+
+
+## EnableWindowsRestore
+
+
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| ✅ Device
❌ User | ✅ Pro
✅ Enterprise
✅ Education
✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+
+
+
+```Device
+./Device/Vendor/MSFT/WindowsBackupAndRestore/EnableWindowsRestore
+```
+
+
+
+
+Sets a policy to enable Windows Restore.
+
+
+
+
+
+
+
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | `bool` |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value | false |
+
+
+
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | Windows Restore Not Configured. |
+| true | Windows Restore Enabled. |
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+## Related articles
+
+[Configuration service provider reference](configuration-service-provider-reference.md)
diff --git a/windows/client-management/mdm/windowsbackupandrestore-ddf-file.md b/windows/client-management/mdm/windowsbackupandrestore-ddf-file.md
new file mode 100644
index 0000000000..f5a3975bae
--- /dev/null
+++ b/windows/client-management/mdm/windowsbackupandrestore-ddf-file.md
@@ -0,0 +1,89 @@
+---
+title: WindowsBackupAndRestore DDF file
+description: View the XML file containing the device description framework (DDF) for the WindowsBackupAndRestore configuration service provider.
+ms.date: 04/30/2025
+ms.topic: generated-reference
+---
+
+
+
+# WindowsBackupAndRestore DDF file
+
+The following XML file contains the device description framework (DDF) for the WindowsBackupAndRestore configuration service provider.
+
+```xml
+
+]>
+
+ 1.2
+
+
+
+ WindowsBackupAndRestore
+ ./Device/Vendor/MSFT
+
+
+
+
+ The root node for the Windows Backup and restore.
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 99.9.99999
+ 9.9
+ 0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;
+
+
+
+ EnableWindowsRestore
+
+
+
+
+
+
+
+ false
+ Sets a policy to enable Windows Restore.
+
+
+
+
+
+
+
+
+
+ Enable Windows Restore
+
+
+
+
+
+ false
+ Windows Restore Not Configured
+
+
+ true
+ Windows Restore Enabled
+
+
+
+
+
+
+```
+
+## Related articles
+
+[WindowsBackupAndRestore configuration service provider reference](windowsbackupandrestore-csp.md)
diff --git a/windows/client-management/mdm/wirelessnetworkpreference-csp.md b/windows/client-management/mdm/wirelessnetworkpreference-csp.md
index b356a16a04..cd372050db 100644
--- a/windows/client-management/mdm/wirelessnetworkpreference-csp.md
+++ b/windows/client-management/mdm/wirelessnetworkpreference-csp.md
@@ -1,7 +1,7 @@
---
title: WirelessNetworkPreference CSP
description: Learn more about the WirelessNetworkPreference CSP.
-ms.date: 04/21/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -577,8 +577,8 @@ When evaluating eSIM profiles for connectivity, this value configures the amount
|:--|:--|
| Format | `int` |
| Access Type | Get, Replace |
-| Allowed Values | Range: `[30-360]` |
-| Default Value | 60 |
+| Allowed Values | Range: `[20-360]` |
+| Default Value | 30 |
@@ -733,7 +733,7 @@ Nodes that indicate the status of the wireless connectivity management service.
-An integer indicating the current status of the wireless connectivity management service. If the value is zero, there are no errors. \n\n 0 = No errors. \n 1 = No policies are configured. \n 2 = More than one policy has the same priority. \n 3 = More than one policy references the same PLMNID. \n 4 = Invalid PLMNID for one or more of the configured profiles. \n 5 = More than one eSIM profile stored in the eUICC with the same PLMN ID. \n 6 = Invalid configuration value for one or more of the cellular parameters. Please review CSP documentation. \n\n Warning: Any of these errors will result in a complete halt of the wireless connectivity management service.
+An integer indicating the current status of the wireless connectivity management service. If the value is zero, there are no errors. \n\n 0 = No errors. \n 1 = No policies are configured. \n 2 = More than one policy has the same priority. \n 3 = More than one policy references the same PLMN ID. \n 4 = Invalid PLMN ID for one or more of the configured profiles. \n 5 = More than one eSIM profile stored in the eUICC with the same PLMN ID. \n 6 = Invalid configuration value for one or more of the cellular parameters. Please review CSP documentation. \n\n Warning: Any of these errors will result in a complete halt of the wireless connectivity management service.
@@ -811,7 +811,7 @@ Count of operational eSIM profiles stored in the eUICC.
-Count of operational eSIM profiles stored on the eUICC whose PLMN matches one of the ConnectionProfileIDs setup under the ConnectionProfiles node. Only matched profiles with no errors will be counted. If more than one eSIM profile with the same PLMN ID is configured on the policy and/or more than one eSIM profile with the same PLMN ID is stored in the eUICC, then they won't be counted even if there is a match.
+Count of operational eSIM profiles stored on the eUICC whose PLMN ID matches one of the ConnectionProfileIDs setup under the ConnectionProfiles node. Only matched profiles with no errors will be counted. If more than one eSIM profile with the same PLMN ID is configured on the policy and/or more than one eSIM profile with the same PLMN ID is stored in the eUICC, then they won't be counted even if there is a match.
diff --git a/windows/client-management/mdm/wirelessnetworkpreference-ddf-file.md b/windows/client-management/mdm/wirelessnetworkpreference-ddf-file.md
index e23616812e..01d64c2b80 100644
--- a/windows/client-management/mdm/wirelessnetworkpreference-ddf-file.md
+++ b/windows/client-management/mdm/wirelessnetworkpreference-ddf-file.md
@@ -1,7 +1,7 @@
---
title: WirelessNetworkPreference DDF file
description: View the XML file containing the device description framework (DDF) for the WirelessNetworkPreference configuration service provider.
-ms.date: 04/21/2025
+ms.date: 04/30/2025
ms.topic: generated-reference
---
@@ -25,7 +25,7 @@ The following XML file contains the device description framework (DDF) for the W
- Represents information associated with wireless networks prioritization including detailed connectivity priorities for specific cellular networks with a unique PLMN_ID.
+ Represents information associated with wireless networks prioritization including detailed connectivity priorities for specific cellular networks with a unique PLMN ID.
@@ -157,7 +157,7 @@ The following XML file contains the device description framework (DDF) for the W
- Count of operational eSIM profiles stored on the eUICC whose PLMN matches one of the ConnectionProfileIDs setup under the ConnectionProfiles node. Only matched profiles with no errors will be counted. If more than one eSIM profile with the same PLMN ID is configured on the policy and/or more than one eSIM profile with the same PLMN ID is stored in the eUICC, then they will not be counted even if there is a match.
+ Count of operational eSIM profiles stored on the eUICC whose PLMN ID matches one of the ConnectionProfileIDs setup under the ConnectionProfiles node. Only matched profiles with no errors will be counted. If more than one eSIM profile with the same PLMN ID is configured on the policy and/or more than one eSIM profile with the same PLMN ID is stored in the eUICC, then they will not be counted even if there is a match.
@@ -178,7 +178,7 @@ The following XML file contains the device description framework (DDF) for the W
- An integer indicating the current status of the wireless connectivity management service. If the value is zero, there are no errors. \n\n 0 = No errors. \n 1 = No policies are configured. \n 2 = More than one policy has the same priority. \n 3 = More than one policy references the same PLMNID. \n 4 = Invalid PLMNID for one or more of the configured profiles. \n 5 = More than one eSIM profile stored in the eUICC with the same PLMN ID. \n 6 = Invalid configuration value for one or more of the cellular parameters. Please review CSP documentation. \n\n Warning: Any of these errors will result in a complete halt of the wireless connectivity management service.
+ An integer indicating the current status of the wireless connectivity management service. If the value is zero, there are no errors. \n\n 0 = No errors. \n 1 = No policies are configured. \n 2 = More than one policy has the same priority. \n 3 = More than one policy references the same PLMN ID. \n 4 = Invalid PLMN ID for one or more of the configured profiles. \n 5 = More than one eSIM profile stored in the eUICC with the same PLMN ID. \n 6 = Invalid configuration value for one or more of the cellular parameters. Please review CSP documentation. \n\n Warning: Any of these errors will result in a complete halt of the wireless connectivity management service.
@@ -326,7 +326,7 @@ The following XML file contains the device description framework (DDF) for the W
- 60
+ 30
When evaluating eSIM profiles for connectivity, this value configures the amount of time (in seconds) that the agent will wait for network registration before considering this profile unsatisfactory and moving on to the next one.
@@ -341,7 +341,7 @@ The following XML file contains the device description framework (DDF) for the W
- [30-360]
+ [20-360]
diff --git a/windows/configuration/settings/page-visibility.md b/windows/configuration/settings/page-visibility.md
index c7f798daa6..2bc3491bd8 100644
--- a/windows/configuration/settings/page-visibility.md
+++ b/windows/configuration/settings/page-visibility.md
@@ -45,7 +45,7 @@ Hide only the Bluetooth page, which has the URI `ms-settings:bluetooth`:
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
-#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
+#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune**](#tab/intune)
[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
@@ -55,7 +55,9 @@ Hide only the Bluetooth page, which has the URI `ms-settings:bluetooth`:
[!INCLUDE [intune-settings-catalog-2](../../../includes/configure/intune-settings-catalog-2.md)]
-Alternatively, you can configure devices using a [custom policy][INT-1] with the [Policy CSP][CSP-1].
+#### [:::image type="icon" source="../images/icons/csp.svg"::: **CSP**](#tab/csp)
+
+You can configure devices using the [Policy CSP][CSP-1].
| Setting |
|--|
diff --git a/windows/configuration/shell-launcher/configure.md b/windows/configuration/shell-launcher/configure.md
index da5de3ddb3..474ff83e21 100644
--- a/windows/configuration/shell-launcher/configure.md
+++ b/windows/configuration/shell-launcher/configure.md
@@ -150,7 +150,7 @@ To learn how to configure the Shell Launcher XML file, see [Create a Shell Launc
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
-#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)
+#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune**](#tab/intune)
You can configure devices using a [custom policy][MEM-1] with the [AssignedAccess CSP][WIN-3].
@@ -159,12 +159,19 @@ You can configure devices using a [custom policy][MEM-1] with the [AssignedAcces
Assign the policy to a group that contains as members the devices that you want to configure.
+#### [:::image type="icon" source="../images/icons/csp.svg"::: **CSP**](#tab/csp)
+
+You can configure devices using the [AssignedAccess CSP][WIN-3].
+
+- **Setting:** `./Vendor/MSFT/AssignedAccess/ShellLauncher`
+- **Value:** content of the XML configuration file
+
#### [:::image type="icon" source="../images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
You can configure Shell Launcher by creating a provisioning package and then applying the provisioning package during image deployment time or at runtime:
- If you're creating an installation media with settings for Shell Launcher included in the image, or you're applying a provisioning package during setup, you must enable Shell Launcher on the installation media with DISM for a provisioning package to successfully apply
-- If exectuing the provisioning package at runtime, ensure to [enable Shell Launcher](#enable-shell-launcher) before applying the provisioning package
+- If executing the provisioning package at runtime, ensure to [enable Shell Launcher](#enable-shell-launcher) before applying the provisioning package
[!INCLUDE [provisioning-package-1](../../../includes/configure/provisioning-package-1.md)]
@@ -233,7 +240,11 @@ Depending on your configuration, you can have a user to automatically sign in to
Here are the options to remove Shell Launcher, select the method that best fits your needs:
-#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)
+#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune**](#tab/intune)
+
+Unassign or delete the policy that contains the configuration.
+
+#### [:::image type="icon" source="../images/icons/csp.svg"::: **CSP**](#tab/csp)
Unassign or delete the policy that contains the configuration.
diff --git a/windows/configuration/shell-launcher/quickstart-kiosk.md b/windows/configuration/shell-launcher/quickstart-kiosk.md
index c7e587aafe..600d9df1de 100644
--- a/windows/configuration/shell-launcher/quickstart-kiosk.md
+++ b/windows/configuration/shell-launcher/quickstart-kiosk.md
@@ -24,7 +24,7 @@ The examples can be modified to fit your specific requirements. For example, you
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
-#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune/CSP**](#tab/intune)
+#### [:::image type="icon" source="../images/icons/intune.svg"::: **Intune**](#tab/intune)
> [!TIP]
> Use the following Graph call to automatically create a custom policy in your Microsoft Intune tenant without assignments nor scope tags.
@@ -35,13 +35,18 @@ The examples can be modified to fit your specific requirements. For example, you
Assign the policy to a group that contains as members the devices that you want to configure.
-Alternatively, you can configure devices using a [custom policy][MEM-1] with the [AssignedAccess CSP][WIN-3].
-
-- **Setting:** `./Vendor/MSFT/AssignedAccess/ShellLauncher`
-- **Value:**
-
[!INCLUDE [quickstart-xml](includes/quickstart-xml.md)]
+#### [:::image type="icon" source="../images/icons/csp.svg"::: **CSP**](#tab/csp)
+
+You can configure devices using the [AssignedAccess CSP][WIN-3].
+
+| Setting |
+|--|
+|- **OMA-URI:** `./Vendor/MSFT/AssignedAccess/ShellLauncher`
- **Data type:** string
- **Value:** content of the following XML |
+
+ [!INCLUDE [quickstart-xml](includes/quickstart-xml.md)]
+
#### [:::image type="icon" source="../images/icons/powershell.svg"::: **PowerShell**](#tab/ps)
[!INCLUDE [powershell-wmi-bridge-1](../../../includes/configure/powershell-wmi-bridge-1.md)]
diff --git a/windows/configuration/store/index.md b/windows/configuration/store/index.md
index b6b7609319..93d20d428c 100644
--- a/windows/configuration/store/index.md
+++ b/windows/configuration/store/index.md
@@ -17,7 +17,7 @@ You can use configuration service provider (CSP) or group policy (GPO) settings
[!INCLUDE [tab-intro](../../../includes/configure/tab-intro.md)]
-#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
+#### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune**](#tab/intune)
[!INCLUDE [intune-settings-catalog-1](../../../includes/configure/intune-settings-catalog-1.md)]
@@ -27,7 +27,10 @@ You can use configuration service provider (CSP) or group policy (GPO) settings
[!INCLUDE [intune-settings-catalog-2](../../../includes/configure/intune-settings-catalog-2.md)]
-Alternatively, you can configure devices using a [custom policy][INT-1] with the [Policy CSP][CSP-1].
+
+#### [:::image type="icon" source="../images/icons/csp.svg"::: **CSP**](#tab/csp-11)
+
+You can configure devices using the [Policy CSP][CSP-1].
| Setting |
|--|
diff --git a/windows/configuration/taskbar/includes/example.md b/windows/configuration/taskbar/includes/example.md
index 4a31f71fce..20782979f7 100644
--- a/windows/configuration/taskbar/includes/example.md
+++ b/windows/configuration/taskbar/includes/example.md
@@ -17,6 +17,7 @@ ms.topic: include
+
diff --git a/windows/configuration/toc.yml b/windows/configuration/toc.yml
index 3905feae74..84222e90c6 100644
--- a/windows/configuration/toc.yml
+++ b/windows/configuration/toc.yml
@@ -11,8 +11,10 @@ items:
href: background/index.md
- name: Windows spotlight
href: windows-spotlight/index.md
-- name: Settings page visibility
- href: settings/page-visibility.md
+- name: Settings
+ items:
+ - name: Page visibility
+ href: settings/page-visibility.md
- name: Microsoft Store
href: store/toc.yml
- name: Quick machine recovery
diff --git a/windows/deployment/do/waas-delivery-optimization.md b/windows/deployment/do/waas-delivery-optimization.md
index 53fd47a91e..2a785d27d8 100644
--- a/windows/deployment/do/waas-delivery-optimization.md
+++ b/windows/deployment/do/waas-delivery-optimization.md
@@ -85,8 +85,6 @@ In Windows client Enterprise, Professional, and Education editions, Delivery Opt
At Microsoft, to help ensure that ongoing deployments weren't affecting our network and taking away bandwidth for other services, Microsoft IT used a couple of different bandwidth management strategies. Delivery Optimization, peer-to-peer caching enabled through Group Policy, was piloted and then deployed to all managed devices using Group Policy. Based on recommendations from the Delivery Optimization team, we used the "group" configuration to limit sharing of content to only the devices that are members of the same Active Directory domain. The content is cached for 24 hours. More than 76 percent of content came from peer devices versus the Internet.
-For more information, check out the [Adopting Windows as a Service at Microsoft](https://www.microsoft.com/itshowcase/Article/Content/851/Adopting-Windows-as-a-service-at-Microsoft) technical case study.
-
## Using a proxy with Delivery Optimization
If a proxy is being used in your environment, see [Using a proxy with Delivery Optimization](delivery-optimization-proxy.md) to understand the proxy settings needed to properly using Delivery Optimization.
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index 2e0fd5f1de..1e7ca6d9b9 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -4,7 +4,7 @@ description: Use MBR2GPT.EXE to convert a disk from the Master Boot Record (MBR)
ms.service: windows-client
author: frankroj
ms.author: frankroj
-ms.date: 04/08/2024
+ms.date: 05/07/2025
manager: aaroncz
ms.localizationpriority: high
ms.topic: how-to
diff --git a/windows/hub/zone-pivot-groups.yml b/windows/hub/zone-pivot-groups.yml
index d68e890c3d..a4e09a33da 100644
--- a/windows/hub/zone-pivot-groups.yml
+++ b/windows/hub/zone-pivot-groups.yml
@@ -20,9 +20,9 @@ groups:
title: Windows versions
prompt: "Select the Windows version you want to learn about:"
pivots:
- - id: windows-insider
- title: Windows Insider
- id: windows-11
title: Windows 11
- id: windows-10
- title: Windows 10
\ No newline at end of file
+ title: Windows 10
+ - id: windows-insider
+ title: Windows Insider
\ No newline at end of file
diff --git a/windows/privacy/index.yml b/windows/privacy/index.yml
index 3f854c689e..e17ca37e0c 100644
--- a/windows/privacy/index.yml
+++ b/windows/privacy/index.yml
@@ -1,7 +1,7 @@
### YamlMime:Hub
-title: Windows Privacy
-summary: Get ready for General Data Protection Regulation (GDPR) by viewing and configuring Windows diagnostic data in your organization.
+title: Windows privacy documentation
+summary: Resources to help you understand data privacy considerations for Windows, including what tools and controls are available to your organization to view and manage Windows data collection.
brand: m365
metadata:
@@ -11,18 +11,17 @@ metadata:
ms.subservice: itpro-privacy
ms.topic: hub-page
ms.collection:
- - highpri
- essentials-privacy
- privacy-windows
author: DHB-MSFT
ms.author: danbrown
manager: laurawi
- ms.date: 06/27/2024
+ ms.date: 04/30/2025
ms.localizationpriority: high
highlightedContent:
items:
- - title: Windows privacy & compliance guide for IT and compliance professionals
+ - title: Windows privacy & compliance guide
itemType: overview
url: windows-privacy-compliance-guide.md
- title: Configure Windows diagnostic data
@@ -33,39 +32,37 @@ highlightedContent:
url: diagnostic-data-viewer-overview.md
productDirectory:
- title: Understand Windows diagnostic data in Windows 10 and Windows 11
- summary: For the latest Windows 10 version and Windows 11, learn more about what Windows diagnostic data is collected under the different settings.
+ title: Understand Windows diagnostic data in Windows 11 and Windows 10
+ summary: Learn more about what Windows diagnostic data is collected under the different settings for the latest versions of Windows 11 and Windows 10.
items:
- title: Windows 11 required diagnostic data
imageSrc: /media/common/i_extend.svg
- summary: Learn more about basic Windows diagnostic data events and fields collected.
+ summary: Learn more about Windows 11 diagnostic data events and fields collected.
url: required-diagnostic-events-fields-windows-11-24H2.md
- title: Windows 10 required diagnostic data
imageSrc: /media/common/i_build.svg
- summary: See what changes Windows is making to align to the new data collection taxonomy
+ summary: Learn more about Windows 10 diagnostic data events and fields collected.
url: required-windows-diagnostic-data-events-and-fields-2004.md
- title: Optional diagnostic data
imageSrc: /media/common/i_get-started.svg
- summary: Get examples of the types of optional diagnostic data collected from Windows
+ summary: Get examples of the types of optional diagnostic data collected from Windows.
url: optional-diagnostic-data.md
additionalContent:
sections:
- items:
- - title: View and manage Windows 10 connection endpoints
+ - title: View and manage Windows 11 connection endpoints
links:
- - text: Manage Windows 10 connection endpoints
- url: ./manage-windows-21h2-endpoints.md
- - text: Manage connection endpoints for non-Enterprise editions of Windows 10
- url: windows-endpoints-21h1-non-enterprise-editions.md
+ - text: Manage Windows 11 connection endpoints
+ url: ./manage-windows-11-endpoints.md
- text: Manage connections from Windows to Microsoft services
url: manage-connections-from-windows-operating-system-components-to-microsoft-services.md
- title: Additional resources
links:
- - text: Windows 10 on Trust Center
- url: https://www.microsoft.com/en-us/trustcenter/cloudservices/windows10
- - text: GDPR on Microsoft 365 Compliance solutions
- url: /microsoft-365/compliance/gdpr
- - text: Support for GDPR Accountability on Service Trust Portal
- url: https://servicetrust.microsoft.com/ViewPage/GDPRGetStarted
+ - text: Microsoft Trust Center
+ url: https://www.microsoft.com/trust-center/product-overview
+ - text: General Data Protection Regulation Summary
+ url: /compliance/regulatory/gdpr
+ - text: Service Trust Portal
+ url: https://servicetrust.microsoft.com
diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
index b98266524f..ee0d629731 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
@@ -357,8 +357,8 @@ The following table lists the keys and the corresponding values to turn off cert
| Registry Key | Details |
|--|--|
-| `HKEY_LOCAL_MACHINE\SYSTEM\CCS\Services\Kdc\UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors` | Type = DWORD
Value = 1 |
-| `HKEY_LOCAL_MACHINE\SYSTEM\CCS\Control\LSA\Kerberos\Parameters\UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors` | Type = DWORD
Value = 1 |
+| `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Kdc\UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors` | Type = DWORD
Value = 1 |
+| `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Kerberos\Parameters\UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors` | Type = DWORD
Value = 1 |
## Additional smart card Group Policy settings and registry keys
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md b/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md
index 30210647b8..dd9e1afa52 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/dynamic-keywords.md
@@ -7,9 +7,6 @@ ms.date: 04/07/2025
# Windows Firewall dynamic keywords
-> [!IMPORTANT]
->This article describes features or settings that are in preview. The content is subject to change and may have dependencies on other features or services in preview.
-
Windows Firewall includes a functionality called *dynamic keywords*, which simplifies the configuration and management of Windows Firewall.
With dynamic keywords, you can define a set of IP address ranges, fully qualified domain names (FQDNs), and **autoresolution** options, to which one or more Firewall rules can refer.
diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index 43334b47ec..3b4bdd7f15 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -1,7 +1,7 @@
---
title: Deprecated features in the Windows client
description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
-ms.date: 04/24/2025
+ms.date: 05/02/2025
ms.service: windows-client
ms.subservice: itpro-fundamentals
ms.localizationpriority: medium
@@ -47,11 +47,12 @@ The features in this article are no longer being actively developed, and might b
| Feature | Details and mitigation | Deprecation announced |
|---|---|---|
+| Device metadata | Device metadata is deprecated and will be removed in a future release of Windows. For more information about the replacement for this functionality, see [Driver Package Container Metadata](/windows-hardware/drivers/install/driver-package-container-metadata). | May 2025 |
| Maps app | Maps app is deprecated. It will be removed from the Microsoft Store by July 2025 and will no longer be supported. For more information, see [Resources for deprecated features](deprecated-features-resources.md#maps-app). | April 2025 |
-| VBS enclaves for Windows 11, version 23H2 and earlier | [VBS enclaves](/windows/win32/trusted-execution/vbs-enclaves) are being deprecated on Windows 11, version 23H2 and earlier versions of Windows. Support for VBS enclaves will continue for Windows 11, version 24H2 and later. VBS enclaves are being [deprecated on Windows Server 2022](/windows-server/get-started/removed-deprecated-features-windows-server) and earlier versions of Windows Server. Support for VBS enclaves will continue for Windows Server 2025 and later. | April 2025 |
+| VBS enclaves for Windows 11, version 23H2 and earlier | [VBS enclaves](/windows/win32/trusted-execution/vbs-enclaves) are being deprecated on Windows 11, version 23H2 and earlier versions of Windows. Support for VBS enclaves will continue for Windows 11, version 24H2 and later. **[Update May 2025]** Existing enclaves signed with the EKU 1.3.6.1.4.1.311.76.57.1.15 will continue to be supported for all Windows 11, version 23H2 and earlier versions of Windows, so long as no changes are made to the enclave that requires a re-sign of it. If a re-sign of the enclave occurs, the new EKU will be used to re-sign and the enclave will only be supported on Windows 11, version 24H2 and later. Existing enclaves signed with EKU 1.3.6.1.4.1.311.76.57.1.15 will continue to function without disruption on the following operating systems until a re-sign is needed: - Windows 10, version 22H2
- Windows 11, version 22H2
- Windows 11, version 23H2
- Windows 11, version 24H2 and later
| April 2025 |
| Windows UWP Map control and Windows Maps platform APIs | The [Windows UWP Map control](/uwp/api/windows.ui.xaml.controls.maps) and [Windows Maps platform APIs](/uwp/api/windows.services.maps) within Windows have been deprecated as of April 8, 2025. The Maps UWP Control and Maps platform support within Windows will continue to function but will not be updated. For more information, see [Resources for deprecated features](deprecated-features-resources.md#windows-uwp-map-control-and-windows-maps-platform-apis). | April 8, 2025 |
-| Line printer daemon (LPR/LPD) | Deprecation reminder: [The line printer daemon protocol (LPR/LPD) was deprecated](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831568(v=ws.11)#printing) starting in Windows Server 2012. As removal of the line printer daemon protocol nears, we'd like to remind customers to ensure their environments are prepared for removal. When these features are eventually removed, clients that print to a server using this protocol, such as UNIX clients, will not be able to connect or print. Instead, UNIX clients should use IPP. Windows clients can connect to UNIX shared printers using the [Windows Standard Port Monitor](/troubleshoot/windows-server/printing/standard-port-monitor-for-tcpip). | [Original announcement: Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831568(v=ws.11)#printing)
Courtesy reminder: February 2025 |
-| Location History | We are deprecating and removing the Location History feature, an [API](/uwp/api/windows.devices.geolocation.geolocator.getgeopositionhistoryasync) that allowed Cortana to access 24 hours of device history when location was enabled. With the removal of the Location History feature, location data will no longer be saved locally and the corresponding settings will also be removed from the **Privacy & Security** > **Location** page in **Settings**. | February 2025 |
+| Line printer daemon (LPR/LPD) | Deprecation reminder: [The line printer daemon protocol (LPR/LPD) was deprecated](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831568(v=ws.11)#printing) starting in Windows Server 2012. As removal of the line printer daemon protocol nears, we'd like to remind customers to ensure their environments are prepared for removal. When these features are eventually removed, clients that print to a server using this protocol, such as UNIX clients, won't be able to connect or print. Instead, UNIX clients should use IPP. Windows clients can connect to UNIX shared printers using the [Windows Standard Port Monitor](/troubleshoot/windows-server/printing/standard-port-monitor-for-tcpip). | [Original announcement: Windows Server 2012](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831568(v=ws.11)#printing)
Courtesy reminder: February 2025 |
+| Location History | We're deprecating and removing the Location History feature, an [API](/uwp/api/windows.devices.geolocation.geolocator.getgeopositionhistoryasync) that allowed Cortana to access 24 hours of device history when location was enabled. With the removal of the Location History feature, location data will no longer be saved locally and the corresponding settings will also be removed from the **Privacy & Security** > **Location** page in **Settings**. | February 2025 |
| Suggested actions | Suggested actions that appear when you copy a phone number or future date in Windows 11 are deprecated and will be removed in a future Windows 11 update. | December 2024 |
| Legacy DRM services | Legacy DRM services, used by either Windows Media Player, Silverlight clients, Windows 7, or Windows 8 clients are deprecated. The following functionality won't work when these services are fully retired: - Playback of protected content in the legacy Windows Media Player on Windows 7
- Playback of protected content in a Silverlight client and Windows 8 clients
- In-home streaming playback from a Silverlight client or Windows 8 client to an Xbox 360
- Playback of protected content ripped from a personal CD on Windows 7 clients using Windows Media Player
| September 2024 |
| Paint 3D | Paint 3D is deprecated and will be removed from the Microsoft Store on November 4, 2024. To view and edit 2D images, you can use [Paint](https://apps.microsoft.com/detail/9pcfs5b6t72h) or [Photos](https://apps.microsoft.com/detail/9wzdncrfjbh4). For viewing 3D content, you can use [3D Viewer](https://apps.microsoft.com/detail/9nblggh42ths). For more information, see [Resources for deprecated features](deprecated-features-resources.md#paint-3d). | August 2024 |