deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Merged PR 2097: Merge maricia-11972860 to master

Browse Source
This commit is contained in:
Maricia Alforque 2017-07-07 17:37:23 +00:00
parent d93a95a878
commit bfdf3ee5cd
6 changed files with 99 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 83 KiB

After

Width:  |  Height:  |  Size: 106 KiB

10
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -10,7 +10,7 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 07/06/2017 ms.date: 07/07/2017
--- ---
# What's new in MDM enrollment and management # What's new in MDM enrollment and management
@ -945,6 +945,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td> <td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
</tr> </tr>
<tr class="even"> <tr class="even">
<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
<td style="vertical-align:top"><p>Added DeviceTunnel profile in Windows 10, version 1709.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td> <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p> <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p>
<ul> <ul>
@ -1256,6 +1260,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
</thead> </thead>
<tbody> <tbody>
<tr class="odd"> <tr class="odd">
<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
<td style="vertical-align:top"><p>Added DeviceTunnel profile in Windows 10, version 1709.</p>
</td></tr>
<tr class="odd">
<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td> <td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
<td style="vertical-align:top">Added the following statements:. <td style="vertical-align:top">Added the following statements:.
<ul> <ul>

38
windows/client-management/mdm/vpnv2-csp.md
View File

@ -7,11 +7,13 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 06/19/2017 ms.date: 07/07/2017
--- ---
# VPNv2 CSP # VPNv2 CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The VPNv2 configuration service provider allows the mobile device management (MDM) server to configure the VPN profile of the device. The VPNv2 configuration service provider allows the mobile device management (MDM) server to configure the VPN profile of the device.
@ -45,8 +47,6 @@ Supported operations include Get, Add, and Delete.
> **Note**  If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard. > **Note**  If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
 
<a href="" id="vpnv2-profilename-apptriggerlist"></a>**VPNv2/***ProfileName***/AppTriggerList** <a href="" id="vpnv2-profilename-apptriggerlist"></a>**VPNv2/***ProfileName***/AppTriggerList**
Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect. Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.
@ -91,6 +91,11 @@ The subnet prefix size part of the destination prefix for the route entry. This,
Value type is int. Supported operations include Get, Add, Replace, and Delete. Value type is int. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-routelist-routerowid-metric"></a>**VPNv2/***ProfileName***/RouteList/***routeRowId***/Metric**
Added in Windows 10, version 1607. The route's metric.
Value type is int. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-routelist-routerowid-exclusionroute"></a>**VPNv2/***ProfileName***/RouteList/***routeRowId***/ExclusionRoute** <a href="" id="vpnv2-profilename-routelist-routerowid-exclusionroute"></a>**VPNv2/***ProfileName***/RouteList/***routeRowId***/ExclusionRoute**
Added in Windows 10, version 1607. A boolean value that specifies if the route being added should point to the VPN Interface or the Physical Interface as the Gateway. Valid values: Added in Windows 10, version 1607. A boolean value that specifies if the route being added should point to the VPN Interface or the Physical Interface as the Gateway. Valid values:
@ -261,7 +266,7 @@ Valid values:
Value type is bool. Supported operations include Get, Add, Replace, and Delete. Value type is bool. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-lockdown"></a>**VPNv2/***ProfileName***/LockDown** <a href="" id="vpnv2-profilename-lockdown"></a>**VPNv2/***ProfileName***/LockDown** (./Device only profile)
Lockdown profile. Lockdown profile.
Valid values: Valid values:
@ -280,6 +285,24 @@ A Lockdown profile must be deleted before you can add, remove, or connect other
Value type is bool. Supported operations include Get, Add, Replace, and Delete. Value type is bool. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-devicetunnel"></a>**VPNv2/***ProfileName***/DeviceTunnel** (./Device only profile)
Device tunnel profile.
Valid values:
- False (default) - this is not a device tunnel profile.
- True - this is a device tunnel profile.
When the DeviceTunnel profile is turned on, it does the following things:
- First, it automatically becomes an "always on" profile.
- Second, it does not require the presence or logging in of any user to the machine in order for it to connect.
- Third, no other device tunnel profile maybe be present on the same machine.
A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected.
Value type is bool. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/***ProfileName***/DnsSuffix** <a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/***ProfileName***/DnsSuffix**
Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
@ -493,6 +516,8 @@ The following list contains the valid values:
- AES128 - AES128
- AES192 - AES192
- AES256 - AES256
- AES\_GCM_128
- AES\_GCM_256
Value type is chr. Supported operations include Get, Add, Replace, and Delete. Value type is chr. Supported operations include Get, Add, Replace, and Delete.
@ -542,6 +567,11 @@ Added in Windows 10, version 1607. The preshared key used for an L2TP connectio
Value type is chr. Supported operations include Get, Add, Replace, and Delete. Value type is chr. Supported operations include Get, Add, Replace, and Delete.
<a href="" id="vpnv2-profilename-nativeprofile-disableclassbaseddefaultroute"></a>**VPNv2/***ProfileName***/NativeProfile/DisableClassBasedDefaultRoute**
Added in Windows 10, version 1607. Specifies the class based default routes. For example, if the interface IP begins with 10, it assumes a class a IP and pushes the route to 10.0.0.0/8
Value type is bool. Supported operations include Get, Add, Replace, and Delete.
## Examples ## Examples

67
windows/client-management/mdm/vpnv2-ddf-file.md
View File

@ -7,11 +7,13 @@ ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: nickbrower author: nickbrower
ms.date: 06/19/2017 ms.date: 07/07/2017
--- ---
# VPNv2 DDF file # VPNv2 DDF file
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **VPNv2** configuration service provider. This topic shows the OMA DM device description framework (DDF) for the **VPNv2** configuration service provider.
@ -20,7 +22,7 @@ You can download the DDF files from the links below:
- [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip) - [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
- [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip) - [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
The XML below is the current version for this CSP. The XML below is for Windows 10, version 1709.
``` syntax ``` syntax
<?xml version="1.0" encoding="UTF-8"?> <?xml version="1.0" encoding="UTF-8"?>
@ -33,7 +35,7 @@ The XML below is the current version for this CSP.
<VerDTD>1.2</VerDTD> <VerDTD>1.2</VerDTD>
<Node> <Node>
<NodeName>VPNv2</NodeName> <NodeName>VPNv2</NodeName>
<Path>./Vendor/MSFT</Path> <Path>./Device/Vendor/MSFT</Path>
<DFProperties> <DFProperties>
<AccessType> <AccessType>
<Get /> <Get />
@ -48,7 +50,7 @@ The XML below is the current version for this CSP.
<Permanent /> <Permanent />
</Scope> </Scope>
<DFType> <DFType>
<MIME>com.microsoft/1.2/MDM/VPNv2</MIME> <MIME>com.microsoft/1.3/MDM/VPNv2</MIME>
</DFType> </DFType>
</DFProperties> </DFProperties>
<Node> <Node>
@ -310,7 +312,7 @@ The XML below is the current version for this CSP.
<Delete /> <Delete />
<Replace /> <Replace />
</AccessType> </AccessType>
<Description> <Description>
False = This Route will direct traffic over the VPN False = This Route will direct traffic over the VPN
True = This Route will direct traffic over the physical interface True = This Route will direct traffic over the physical interface
By default, this value is false. By default, this value is false.
@ -953,6 +955,43 @@ The XML below is the current version for this CSP.
</DFType> </DFType>
</DFProperties> </DFProperties>
</Node> </Node>
<Node>
<NodeName>DeviceTunnel</NodeName>
<DFProperties>
<AccessType>
<Add />
<Delete />
<Get />
<Replace />
</AccessType>
<Description>
False = This is not a Device Tunnel profile and it is the default value.
True = This is a Device Tunnel profile.
If turned on a device tunnel profile does four things.
First, it automatically becomes an always on profile.
Second, it does not require the presence or logging in
of any user to the machine in order for it to connect.
Third, no other Device Tunnel profile maybe be present on the
Same machine.
A device tunnel profile must be deleted before another device tunnel
profile can be added, removed, or connected.
</Description>
<DFFormat>
<bool />
</DFFormat>
<Occurrence>
<ZeroOrOne />
</Occurrence>
<Scope>
<Dynamic />
</Scope>
<DFType>
<MIME>text/plain</MIME>
</DFType>
</DFProperties>
</Node>
<Node> <Node>
<NodeName>DnsSuffix</NodeName> <NodeName>DnsSuffix</NodeName>
<DFProperties> <DFProperties>
@ -1996,6 +2035,8 @@ The XML below is the current version for this CSP.
-- AES128 -- AES128
-- AES192 -- AES192
-- AES256 -- AES256
-- AES_GCM_128
-- AES_GCM_256
</Description> </Description>
<DFFormat> <DFFormat>
<chr /> <chr />
@ -2180,7 +2221,7 @@ The XML below is the current version for this CSP.
<Permanent /> <Permanent />
</Scope> </Scope>
<DFType> <DFType>
<DDFName></DDFName> <MIME>com.microsoft/1.3/MDM/VPNv2</MIME>
</DFType> </DFType>
</DFProperties> </DFProperties>
<Node> <Node>
@ -4087,6 +4128,8 @@ The XML below is the current version for this CSP.
-- AES128 -- AES128
-- AES192 -- AES192
-- AES256 -- AES256
-- AES_GCM_128
-- AES_GCM_256
</Description> </Description>
<DFFormat> <DFFormat>
<chr /> <chr />
@ -4255,14 +4298,4 @@ The XML below is the current version for this CSP.
</Node> </Node>
</Node> </Node>
</MgmtTree> </MgmtTree>
``` ```
 
 

3
windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
View File

@ -12,6 +12,9 @@ ms.date: 06/19/2017
# WindowsAdvancedThreatProtection CSP # WindowsAdvancedThreatProtection CSP
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP. The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
The following diagram shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM). The following diagram shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM).

3
windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
View File

@ -12,6 +12,9 @@ ms.date: 06/19/2017
# WindowsAdvancedThreatProtection DDF file # WindowsAdvancedThreatProtection DDF file
> [!WARNING]
> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
This topic shows the OMA DM device description framework (DDF) for the **WindowsAdvancedThreatProtection** configuration service provider. DDF files are used only with OMA DM provisioning XML. This topic shows the OMA DM device description framework (DDF) for the **WindowsAdvancedThreatProtection** configuration service provider. DDF files are used only with OMA DM provisioning XML.
You can download the DDF files from the links below: You can download the DDF files from the links below: